Pluggable Authentication Modules

From techdocs
(Redirected from PAM)
Jump to navigation Jump to search

Pluggable Authentication Modules (PAM) is a technology allowing programs to be written which require user authentication or authorisation without actually including any code in the programs to do this. Instead, the programs reference an external Pluggable Authentication Module library which uses files in /etc to configure a stack of modules which are called to perform the required actions.

For example, at one site PAM might be configured to use Kerberos to authenticate users and then LDAP to provide information about the authenticated users, such as their home directory locations (CSE's PAM setup is quite similar to this).

At another site, PAM might be configured to use local files for everything, typically /etc/passwd and /etc/shadow.

In either case, the same unmodified program would be able to run and do its authentication/authorisation by relying on PAM to set up, load and invoke the appropriate modules and functionality based on the site administrator's configuration files.

See:

/etc/pam.conf
/etc/pam.d/*
/etc/nsswitch.conf
Retrieved from ‘https://techdocs.cseunsw.tech/mediawiki/index.php?title=Pluggable_Authentication_Modules&oldid=1033