Linux Pluggable Authentication Modules (PAM) is a suite of libraries that allows a Linux system administrator to configure methods to authenticate users. It provides a flexible and centralized way to switch authentication methods for secured applications by using configuration files instead of changing application code. There are Linux PAM libraries allowing authentication using methods such as local passwords, LDAP, or fingerprint readers. Linux PAM evolved from the Unix Pluggable Authentication Modules architecture.
Linux-PAM separates the tasks of authentication into four independent management groups:
* account modules check that the specified account is a valid authentication target under current conditions. This may include conditions like account expiration, time of day, and that the user has access to the requested service.
* authentication modules verify the user's identity, for example by requesting and checking a password or other secret. They may also pass authentication information on to other systems like a keyring.
* password modules are responsible for updating passwords, and are generally coupled to modules employed in the authentication step. They may also be used to enforce strong passwords.
* session modules define actions that are performed at the beginning and end of sessions. A session starts after the user has successfully authenticated.
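The four management groups appear as the first field of each line in a Linux-PAM service file (`type control module [arguments]`, as found under `/etc/pam.d/`). The following is an added example, not code from the Linux-PAM project: it parses a constructed service file into one module stack per group and runs two review checks. The sample file, the function names and the choice of checks are assumptions made for illustration, and include directives are not handled.

```python
import re
from collections import defaultdict

# Constructed sample in /etc/pam.d/<service> syntax: type control module [args]
SAMPLE = """\
# constructed example service file
auth       required   pam_faillock.so preauth
auth       [success=1 default=ignore] pam_unix.so nullok
auth       requisite  pam_deny.so
auth       required   pam_permit.so
account    required   pam_nologin.so
account    required   pam_unix.so
password   requisite  pam_pwquality.so retry=3
password   required   pam_unix.so use_authtok sha512
-session   optional   pam_systemd.so
session    required   pam_limits.so
"""

GROUPS = ("account", "auth", "password", "session")
# optional leading '-', type, control (word or [bracketed list]), module, arguments
LINE = re.compile(r"^(-?)(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Return {group: [(control, module, args, skip_if_missing), ...]}."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = LINE.match(line)
        if not m or m.group(2) not in GROUPS:
            raise ValueError(f"unrecognised PAM line: {raw!r}")
        dash, group, control, module, args = m.groups()
        stacks[group].append((control, module, args.split(), dash == "-"))
    return dict(stacks)

def audit(stacks):
    """Review checks on a parsed stack; returns a list of findings."""
    findings = [f"no {g} modules configured" for g in GROUPS if g not in stacks]
    for control, module, args, _ in stacks.get("auth", []):
        if module == "pam_unix.so" and "nullok" in args:
            findings.append("auth: pam_unix.so nullok permits accounts with an empty password")
    return findings

if __name__ == "__main__":
    for group, entries in parse_stack(SAMPLE).items():
        print(group, [e[1] for e in entries])
    print(audit(parse_stack(SAMPLE)))
```
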
See also
* Pluggable Authentication Modules
* OpenPAM
External links
* Primary distribution site for the Linux-PAM project
* Development site for the Linux-PAM project
* "Linux PAM modules", by Mokhtar Ebrahim