Authentication is an important part of the operations systems like Linux. As Linux operating systems are multi-user systems and run a lot of services and complex scenarios they generally need robust and easy to implement complex scenarios authentication systems. Linux Pluggable Authentication a.k.a. Linux PAM is a very robust and dynamic authentication system. In this tutorial, we will try to explain important aspects of Linux PAM.
In 1995 Open Software Foundation or Open Group published RFC for PAM. This RFC has gained a lot of interest which is resulted in a powerful community and development life cycle.
Authentication is used to verify user-provided information. In Linux operating system environment there are a lot of services, users, etc. All of them need some privileges to use the operating system or other services resources. This will create a lot of work on authentication.
Modules provide flexibility to the PAM. PAM does not rely on static libraries or modules. As there are a lot of services and interaction methods we need to provide dynamic ways for authentication. For example, If we need to authenticate
ftp related services and users we need to use
pam_ftp module for this.
Modules provide required libraries but we need to configure the authentication. PAM config or module configuration is used to specify required actions and permissions. PAM configuration files are put on
/etc/pam.d/ where in this case we will look configuration file named
# # ftpd; add ftp-specifics. These lines enable anonymous ftp over # standard UN*X access (the listfile entry blocks access to # users listed in /etc/ftpusers) # auth sufficient pam_ftp.so auth required pam_unix.so use_first_pass auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/ftpuser
pam_access is used for access management. This module configuration is taken from
/etc/security/access.conf . We can configure detailed access configuration with parameters like the user, group, host, service, etc. For more information about the access, module read the following tutorial.