What Is Linux PAM (Pluggable Authentication Module)? – POFTUT

What Is Linux PAM (Pluggable Authentication Module)?

by

Authentication is an important part of the operations systems like Linux. As Linux operating systems are multi-user systems and run a lot of services and complex scenarios they generally need robust and easy to implement complex scenarios authentication systems. Linux Pluggable Authentication a.k.a. Linux PAM is a very robust and dynamic authentication system. In this tutorial, we will try to explain important aspects of Linux PAM.

PAM History

In 1995 Open Software Foundation or Open Group published RFC for PAM. This RFC has gained a lot of interest which is resulted in a powerful community and development life cycle.

PAM Authentication

Authentication is used to verify user-provided information. In Linux operating system environment there are a lot of services, users, etc. All of them need some privileges to use the operating system or other services resources. This will create a lot of work on authentication.

PAM Modules

Modules provide flexibility to the PAM. PAM does not rely on static libraries or modules. As there are a lot of services and interaction methods we need to provide dynamic ways for authentication. For example, If we need to authenticate ftp related services and users we need to use pam_ftp module for this.

PAM Config

Modules provide required libraries but we need to configure the authentication. PAM config or module configuration is used to specify required actions and permissions. PAM configuration files are put on /etc/pam.d/ where in this case we will look configuration file named ftpd .

#
# ftpd; add ftp-specifics. These lines enable anonymous ftp over
# standard UN*X access (the listfile entry blocks access to
# users listed in /etc/ftpusers)
#
auth sufficient pam_ftp.so
auth required pam_unix.so use_first_pass
auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/ftpuser

PAM Access

The pam_access is used for access management. This module configuration is taken from /etc/security/access.conf . We can configure detailed access configuration with parameters like the user, group, host, service, etc. For more information about the access, module read the following tutorial.

LEARN MORE  limits.conf File To Limit Users, Process In Linux With Examples

Access.conf Security Configuration For Linux and Unix

Leave a Comment