Enterprise Networking Planet: Pulling The Covers Off Linux PAM

"A hidden jewel--or pain in the rear, depending on your perspective--is Linux PAM (Pluggable Authentication Module). Linux oldtimers remember the ancient days when PAM was simple and used but a single configuration file. It didn't do much, and life was easy. The modern PAM is more complex and flexible, which can be trying for new sysadmins. But it has a number of significant advantages.

"Back in the Linux stone age, passwords were encrypted by the venerable crypt and the resulting hash was kept in /etc/passwd. /etc/passwd has to be world-readable, so anyone who could glom a copy of it could then crack the passwords at leisure. So shadow passwords were invented; the hashed password is kept in /etc/shadow, which only root can read..."

Complete Story

Related Stories:

• NewsForge: Hardening the PAM Framework(Sep 27, 2004)
• O'Reilly Network: Introduction to PAM (Sep 30, 2001)
• O'Reilly Network: Insecurities in a Nutshell: KTH Kerberos, Red Hat PAM, and More(Dec 14, 2000)