Chapter 7.
Pluggable Authentication Modules (PAM)
Programs which give privileges to users must properly authenticate each user. For instance, when you
log into a system, you provide your username and password, and the log in process uses this username
and password to verify your identity.
Pluggable Authentication Modules (PAM) allows the system administrator to set authentication
policies for PAM-aware applications without having to recompile authentication programs. PAM does
this by utilizing a pluggable, modular architecture. Which modules PAM calls for a particular
application is determined by looking at that application's PAM configuration file in the
/etc/pam.d/ directory.
In most situations, you will never need to alter the default PAM configuration files for a PAM-aware
application. Whenever you use RPM to install programs that require authentication, they automatically
make the changes necessary to do normal password authentication using PAM. However, if you need
to customize the PAM configuration file, you must understand the structure of this file (see Section
7.2 for more information).
7.1. Advantages of PAM
When used correctly, PAM provides the following advantages for a system administrator:
It provides a common authentication scheme that can be used with a wide variety of applications.
It allows great flexibility and control over authentication for both the system administrator and application developer.
It allows application developers to develop their program without implementing a particular authentication scheme. Instead, they can focus purely on the details of their program.
7.2. PAM Configuration Files
The directory /etc/pam.d/ contains the PAM configuration files for PAM-aware applications. In
earlier versions of PAM, the file /etc/pam.conf was used, but this file is now deprecated. The
pam.conf file is only read if the /etc/pam.d/ directory does not exist.
Each PAM-aware application or service (as applications designed to be used by many users are
commonly known) has its own file within the /etc/pam.d/ directory.
These files have a specific layout containing calls to modules usually located in the /lib/security/
directory. Additionally, each line within a PAM configuration file specifies a module type, a control
flag, a path to the module, and, sometimes, module arguments.
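As an added illustration (not part of the original guide), the following Python example splits lines in the layout just described into their four fields and reports entries worth a reviewer's attention: an unrecognized module type or control flag, a missing module path, or an absolute module path that resolves outside /lib/security/. The sample file content is constructed, and the four module-type and four control-flag keywords are the standard Linux-PAM ones, which this section does not list.

```python
import posixpath

MODULE_TYPES = {"auth", "account", "password", "session"}
SIMPLE_FLAGS = {"required", "requisite", "sufficient", "optional"}
MODULE_DIR = "/lib/security"  # module directory named in this chapter

# Constructed sample for illustration; not a file shipped by any distribution.
SAMPLE_LOGIN = """\
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_unix.so shadow nullok
session    optional     /tmp/pam_extra.so
auth       mandatory    /lib/security/pam_unix.so
"""

def parse_line(line):
    """Return (type, control, module, args); None for blank or comment lines."""
    text = " ".join(line.split("#", 1)[0].split())  # drop comment, collapse whitespace
    if not text:
        return None
    mtype, _, rest = text.partition(" ")
    if rest.startswith("["):  # bracketed value=action control form
        control, close, rest = rest.partition("]")
        control += close
    else:
        control, _, rest = rest.partition(" ")
    module, *args = rest.split() or [""]
    return mtype, control, module, args

def audit(text):
    """Return (line number, finding) pairs for entries that need review."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None:
            continue
        mtype, control, module, _args = entry
        bracketed = control.startswith("[") and control.endswith("]")
        if mtype not in MODULE_TYPES:
            findings.append((n, f"unknown module type {mtype!r}"))
        if control not in SIMPLE_FLAGS and not bracketed:
            findings.append((n, f"unknown control flag {control!r}"))
        # Relative module names are left to PAM's default module directory.
        if not module:
            findings.append((n, "missing module path"))
        elif module.startswith("/") and posixpath.dirname(posixpath.normpath(module)) != MODULE_DIR:
            findings.append((n, f"module outside {MODULE_DIR}: {module}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOGIN))
```

To review a real service, pass the text of its file from /etc/pam.d/ to audit(); the findings are prompts for manual review, not proof of a problem.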
7.2.1. PAM Service Names
Each PAM configuration file in the /etc/pam.d/ directory is named after the service for which it
controls access. It is up to the PAM-aware program to define its service name and install its PAM
configuration file in the pam.d directory. For example, the login program defines its service name
as /etc/pam.d/login.
In general, the service name is the name of the program used to access the service, not the
program used to provide the service. This is why the service wu-ftpd defines its service name as
/etc/pam.d/ftp.





