CMP Network Computing: Modular Authentication for Linux
Mar 04, 2002, 21:36
(Other stories by Jeremy Impson)
"Times are changing. For those Linux users in corporate
environments, being able to share files securely--both with other
Linux users and with Windows users--still means remembering a set
of passwords for Linux and a set for other platforms. But there's a
better way: You can set up your systems so Linux users can gain
secure authentication against a Windows NT Domain. That way they
won't need a Linux account and a separate NT Domain account. It'll
make life easier for you as a network administrator and make your
power users happier.

Authentication is a process in which a system identifies a user.
Access control determines what is permitted after authentication.
Authentication is often closely tied to the concept of accounts,
which are, generically, a set of information tied to a unique
identifier. This information usually comprises the data needed to
let someone use system resources. For example, it provides the
location of the user's personal files or the user's real name. It
may include environmental variables and resource limits. We'll
focus primarily on authentication services and protocols.

Most recent Linux distributions use PAMs (Pluggable
Authentication Modules), which are the key to flexible
authentication. A PAM is an ASP designed to modularize the process
of authenticating a user to a service. It was developed by Sun
Microsystems and can be found on recent versions of Sun Solaris,
IBM AIX, Hewlett-Packard's HP-UX and Apple Mac OS X, though it is
used most widely with the various free operating systems, including
Linux (notably Red Hat, Debian and SuSE), FreeBSD and NetBSD."