Linux Today: Linux News On Internet Time.

Designing a Linux PAM login security application

Mar 11, 2009, 21:33
(Other stories by Vishal Srivistava)

[ Thanks to An Anonymous Reader for this link. ]

"PAM is an API that takes care of authenticating a user to a service. Before PAM, applications like login (and rlogin, telnet, rsh) looked for the username in /etc/passwd, then compared the two and authenticated the user-typed name. All applications used these shared services, although the implementation details and authority to configure them were not shared.

"Next, application developers tried coding their own processes. With this came the need to separate the application and security module (a common security module can be shared by applications and can be configured as needed).

"The PAM mechanism integrates multiple low-level authentication schemes into a high-level API that allows programs that rely on authentication to be written independently of the underlying authentication scheme. The principal feature of PAM is the dynamic configuration of authentication through either an /etc/pam.d or /etc/pam.conf file.

"PAM can be configured to deny certain programs the right to authenticate users and to warn when certain programs attempt to authenticate. PAM programs make use of PAM modules (authentication modules): They are attached to applications at runtime in order to work."
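The deny-and-warn behaviour the excerpt describes is commonly set as the fallback policy in /etc/pam.d/other, using the Linux-PAM modules pam_deny.so and pam_warn.so. The script below is an added example, not code from the quoted article: it audits such a fallback file, and its function names and both sample policies are constructed for illustration.

```python
import os
import re

TYPES = ("auth", "account", "password", "session")
# type  control (keyword or [value=action ...])  module-path
RULE = re.compile(r"^\s*-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)", re.I)

# Constructed samples in /etc/pam.d/<service> format (not taken from any real host).
PERMISSIVE_OTHER = """\
# any program without its own file gets ordinary password checks
auth     required  pam_unix.so
account  required  pam_unix.so
password required  pam_unix.so
session  required  pam_unix.so
"""
HARDENED_OTHER = "".join(
    f"{t:<9}required  pam_warn.so\n{t:<9}required  pam_deny.so\n" for t in TYPES
)

def parse(text):
    """Yield (type, control, module basename) per rule; comments and blanks are skipped."""
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            yield m.group(1).lower(), m.group(2).lower(), os.path.basename(m.group(3))

def audit_other(text):
    """Return findings for a fallback policy; an empty list means warn-and-deny everywhere."""
    findings, rules = [], list(parse(text))
    for t in TYPES:
        warned = denied = False
        for mtype, control, module in rules:
            if mtype != t:
                continue
            if module == "pam_warn.so":
                warned = True
            elif module == "pam_deny.so" and control in ("required", "requisite"):
                denied = True
                if control == "requisite":
                    break  # stack returns here; a later pam_warn.so never runs
            elif not denied and control not in ("required", "requisite", "optional"):
                findings.append(f"{t}: {module} ({control}) may bypass pam_deny.so")
        if not denied:
            findings.append(f"{t}: unlisted programs are not denied")
        if not warned:
            findings.append(f"{t}: attempts are not logged by pam_warn.so")
    return findings

if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE_OTHER), ("hardened", HARDENED_OTHER)):
        print(name, audit_other(text) or "OK")
```

The check also reports a `requisite` pam_deny.so placed ahead of pam_warn.so, since the stack returns at that point and the attempt goes unlogged.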
