Shulou(Shulou.com)06/01 Report--

This issue of the content of the editor will bring you about the Linux system how to achieve pam authentication, the article is rich in content and professional analysis and description for you, after reading this article, I hope you can get something.

Introduction to pam: PMA (Pluggable Authentication Module) is a pluggable authentication module. In the Linux system, various applications need to complete the authentication function. In order to achieve unified deployment, make all the authentication functions into one module (except where the authentication mechanism is particularly complex, such as: https). When a specific program needs to complete the authentication function, call the authentication module of PMA. These modules are located in the / lib64/security (/ lib/security:32 bit operating system) directory in the system, but not all modules are used to complete authentication. Some modules exist to achieve some advanced functions of PAM, in which the authentication library of PMA is provided by glibc. Which PMA module the application ultimately uses depends on the definition under the / etc/pma.d/* directory.

Second, pam authentication principle PAM authentication generally follows this order: Service (service) → PAM (configuration file) → pam_*.so. PAM authentication first determines which service, then loads the corresponding PAM configuration file (under / etc/pam.d), and finally calls the authentication file (under / lib/security) for security authentication. The authentication schematic is shown in the following figure:

When the user visits the server, one of the server's service programs sends the user's request to the PAM module for authentication. The corresponding PAM modules are also different for different server applications. If you want to check whether a program supports PAM authentication, you can use the ldd command to check, for example, whether sshd supports PAM module authentication, as shown in the following figure:

3. Objectively speaking, the composition of PAM authentication is quite complex. Here we simply introduce that PAM authentication includes four common types of authentication (module type):

1. Authentication Management (authentication management)

Accept the user name and password, then authenticate the user's password, and be responsible for setting some secret information of the user.

2. Account Management (account management)

Check whether the account is allowed to log on to the system, whether the account has expired, whether the login of the account has a time limit, and so on.

3. Password Management (password management)

It is mainly used to change the user's password.

4. Session Management (session management)

It mainly provides session management and accounting (accounting).

4. Pam verification control type (Control Values) validation control type can also be called Control Flags, which is used to return results of PAM verification type. There are four types of verification control types:

1. Required verification still continues when it fails, but returns Fail (the user will not know where it failed).

2. If requisite verification fails, the whole verification process ends immediately and Fail is returned.

3. If the sufficient verification is successful, it will be returned immediately and will not continue, otherwise the result will be ignored and continued.

4. Optional will not be affected regardless of the verification result (usually used in the session type).

The result returned by the PAM validation type is as follows:

To facilitate your understanding, give two examples, as shown in the following figure:

From the above two figures, you can see that when the required fails, it will continue, but it will still fail in the end. If the requisite verification fails, it ends immediately. On the other hand, if the sufficient is verified successfully, it will end immediately.

The above is the editor for you to share the Linux system how to achieve pam authentication, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.