Linux Today: Linux News On Internet Time.

CMP Network Computing: Modular Authentication for Linux

Mar 04, 2002, 21:36 (5 Talkback[s])
(Other stories by Jeremy Impson)
"Times are changing. For those Linux users in corporate environments, being able to share files securely--both with other Linux users and with Windows users--still means remembering a set of passwords for Linux and a set for other platforms. But there's a better way: You can set up your systems so Linux users can gain secure authentication against a Windows NT Domain. That way they won't need a Linux account and a separate NT Domain account. It'll make life easier for you as a network administrator and make your power users happier.

Authentication is a process in which a system identifies a user. Access control determines what is permitted after authentication. Authentication is often closely tied to the concept of accounts, which are, generically, a set of information tied to a unique identifier. This information usually comprises the data needed to let someone use system resources. For example, it provides the location of the user's personal files or the user's real name. It may include environmental variables and resource limits. We'll focus primarily on authentication services and protocols.

Most recent Linux distributions use PAMs (Pluggable Authentication Modules), which are the key to flexible authentication. A PAM is an ASP designed to modularize the process of authenticating a user to a service. It was developed by Sun Microsystems and can be found on recent versions of Sun Solaris, IBM AIX, Hewlett-Packard's HP-UX and Apple Mac OS X, though it is used most widely with the various free operating systems, including Linux (notably Red Hat, Debian and SuSE), FreeBSD and NetBSD."

Complete Story

Related Stories: