Pluggable Authentication Modules: Difference between revisions

(Created page with "'''Pluggable Authentication Modules''' (PAM) is a technology allowing programs to be written which require user authentication or authorisation without actually including any code in the programs to do this. Instead, the programs reference an external Pluggable Authentication Module library which uses files set up in <code>/etc</code> to configure a stack of modules which are called to perform the required actions. For example, at one site PAM might be configured to use...")
 
mNo edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
'''Pluggable Authentication Modules''' (PAM) is a technology allowing programs to be written which require user authentication or authorisation without actually including any code in the programs to do this. Instead, the programs reference an external Pluggable Authentication Module library which uses files set up in <code>/etc</code> to configure a stack of modules which are called to perform the required actions.
'''Pluggable Authentication Modules''' (PAM) is a technology allowing programs to be written which require user authentication or authorisation without actually including any code in the programs to do this. Instead, the programs reference an external Pluggable Authentication Module library which uses files in <code>/etc</code> to configure a stack of modules which are called to perform the required actions.


For example, at one site PAM might be configured to use [[Kerberos]] to authenticate users and then [[LDAP]] to provide information about the authenticated users, such as their [[home directory]] locations ([[CSE]] is very simiar to this).
For example, at one site PAM might be configured to use [[Kerberos]] to authenticate users and then [[LDAP]] to provide information about the authenticated users, such as their [[home directory]] locations ([[CSE]]'s PAM setup is quite similar to this).


At another site, PAM might be configured to use local files for everything, typically <code>/etc/passwd</code> and <code>/etc/shadow</code>.
At another site, PAM might be configured to use local files for everything, typically <code>/etc/passwd</code> and <code>/etc/shadow</code>.

Latest revision as of 17:04, 5 September 2023

Pluggable Authentication Modules (PAM) is a technology that lets programs which require user authentication or authorisation be written without including any code in the programs themselves to do this. Instead, the programs reference an external Pluggable Authentication Module library, which uses files in /etc to configure a stack of modules that are called to perform the required actions.

For example, at one site PAM might be configured to use Kerberos to authenticate users and then LDAP to provide information about the authenticated users, such as their home directory locations (CSE's PAM setup is quite similar to this).

At another site, PAM might be configured to use local files for everything, typically /etc/passwd and /etc/shadow.

In either case, the same unmodified program would be able to run and do its authentication/authorisation by relying on PAM to set up, load and invoke the appropriate modules and functionality based on the site administrator's configuration files.
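To see which modules a given site's configuration will actually invoke, the stack can be parsed and listed. The sketch below is an added example, not part of the original page or of CSE's configuration: both service files are constructed samples in the /etc/pam.d format, and the function names `parse_stack`, `modules_for` and `find_nullok` are hypothetical.

```python
import re

# Constructed sample: a site that authenticates against Kerberos.
KERBEROS_SITE = """\
# /etc/pam.d-style service file (constructed)
auth     [success=1 default=ignore]  pam_krb5.so minimum_uid=1000
auth     requisite                   pam_deny.so
auth     required                    pam_permit.so
account  required                    pam_unix.so
"""

# Constructed sample: a site that uses /etc/passwd and /etc/shadow only.
LOCAL_SITE = """\
auth     required    pam_unix.so nullok
account  required    pam_unix.so
"""

# type, control (keyword or [value=action ...]), module, optional arguments
RULE = re.compile(
    r"^(-?)(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$"
)

def parse_stack(text):
    """Parse pam.d-format text (no service column) into a list of rule dicts."""
    rules = []
    text = text.replace("\\\n", " ")           # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line or line.startswith("@include"):
            continue                           # Debian-style includes are skipped, not followed
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM rule: {raw!r}")
        quiet, mtype, control, module, args = m.groups()
        rules.append({"type": mtype, "control": control, "module": module,
                      "args": args.split(), "quiet_if_missing": bool(quiet)})
    return rules

def modules_for(text, mtype):
    """Modules called, in order, for one management group (auth, account, ...)."""
    return [r["module"] for r in parse_stack(text) if r["type"] == mtype]

def find_nullok(text):
    """Flag pam_unix rules that accept accounts with an empty password."""
    return [(r["type"], r["module"], "nullok") for r in parse_stack(text)
            if r["module"] == "pam_unix.so" and "nullok" in r["args"]]
```

The application calling PAM is identical at both sites; only the module list returned for each file differs.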

See:

/etc/pam.conf
/etc/pam.d/*
/etc/nsswitch.conf