Authentication is important part of the operations systems like Linux. As Linux operating systems are multi user systems and runs a lot of services and complex scenarios they generally need robust and easy to implement complex scenarios authentication system. Linux Pluggable Authentication a.k.a. Linux PAM is very robust and dynamic authentication system. In this tutorial we will try to explain important aspects of Linux PAM.
In 1995 Open Software Foundation or Open Group published RFC for PAM. This RFC have gained a lot of interest which is resulted with a powerful community and development life cycle.
Authentication is used to verify provided user information. In Linux operating system environment there are a lot of services, users etc. All of them needs some privileges to use operating system or other services resources. This will create a lot of work on authentication.
Modules provides flexibility to the PAM. PAM do not rely on static libraries or modules. As there are a lot of services and interaction methods we need to provide dynamic ways for authentication. For example If we need to authenticate
ftp related services and users we need to use
pam_ftp module for this.
Modules provides required libraries but we need to configure the authentication. PAM config or module configuration is used to specify required actions and permissions. PAM configuration files are put on
/etc/pam.d/ where in this case we will look configuration file named
# # ftpd; add ftp-specifics. These lines enable anonymous ftp over # standard UN*X access (the listfile entry blocks access to # users listed in /etc/ftpusers) # auth sufficient pam_ftp.so auth required pam_unix.so use_first_pass auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/ftpuser
pam_access is used for access management. This module configuration is taken from
/etc/security/access.conf . We can configure detailed access configuration with parameters like user, group,host, service etc. For more information about access module read following tutorial.