Shulou(Shulou.com)06/03 Report--

The knowledge points of this article include: the introduction of the pam module, the structure of the pam module, the configuration and configuration file introduction of the pam module and the four management interfaces of the pam module. I believe you have a certain understanding of the pam module after reading the complete article.

PAM pluggable authentication modules

An authentication mechanism proposed by sun.

By providing some dynamic link libraries and a set of unified API, the service provided by the system is separated from the authentication mode of the service, so that the system administrator can flexibly configure different authentication methods for different services according to their needs without changing the service program. at the same time, it is also convenient to add new authentication means to the system.

I. the structure of PAM

The system administrator formulates the authentication policy through the PAM configuration file, that is, which authentication method should be adopted for what service; the application developer invokes the authentication method by using PAM API in the service program. The developers of the PAM service module (service module) use PAM API (service module API) to write the authentication module (mainly leads to some functions pam_sm_xxxx () for libpam to call), adding different authentication mechanisms (such as traditional Unix authentication method, Kerberos, etc.) to the system; PAM core library (libpam) reads the configuration file, according to which the service program is associated with the corresponding authentication method.

2. Four management interfaces supported by PAM:

1. Authentication Management (authentication management)

Mainly accept the user name and password, and then authenticate the user's password, and be responsible for setting some secret information.

2. Account Management (account management)

The main purpose is to check whether the account is allowed to log on to the system, whether the account has expired, whether the login of the account has a time limit, and so on.

3. Password Management (password management)

It is mainly used to change the user's password.

4. Session Management (session management)

It mainly provides session management and accounting (accounting).

3. Documents of PAM:

/ etc/pam.conf or / etc/pam.d/PAM configuration file

/ usr/lib/security/pam_*.so dynamically loadable PAM service module

For Redhat, the directory is not / usr/lib, but / lib.

Fourth, the configuration of PAM:

PAM is configured through a single configuration file / etc/pam.conf. Redhat also supports another configuration method, that is, by configuring the directory / etc/pam.d/, which takes precedence over a single configuration file.

1. Use configuration file / etc/pam.conf

2. Use the configuration directory / etc/pam.d/ (only applicable to Redhat Linux)

On the pam module to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.