PAM Explained

Pluggable Authentication Modules (PAM) is a system of libraries that handle the tasks of authentication on your computer. It uses four management groups: account management, authentication management, password management, and session management. This allows the system administrator to choose how individual applications will authenticate users. Ubuntu has preinstalled and preconfigured all the necessary PAM files for you.

The configuration files in Ubuntu are found in /etc/pam.d. These files are named for the service they control, and the format is as follows:

type control module-path module-arguments

The type field is the management group that the rule corresponds to. The control field tells PAM what to do if authentication fails. The final two items deal with the PAM module used and any arguments it needs. Programs that use PAM typically come packaged with appropriate entries for the /etc/pam.d directory. To achieve greater security, the system administrator can modify the default entries. Misconfiguration can have unpredictable results, so back up the configuration files before you modify them. The defaults provided by Ubuntu are adequate for home and small office users.

The following example shows a PAM configuration file whose entries follow the format just described. Here are the contents of /etc/pam.d/gdm:

auth requisite pam_nologin.so
auth required pam_env.so
@include common-auth
@include common-account
session required pam_limits.so
@include common-session
@include common-password
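As an added example (not part of the original article and not code from Linux-PAM), here is a small Python parser for the type control module-path module-arguments format, run on the gdm file quoted above, that checks each entry's type against the four management groups and its control against the known keywords. It goes slightly beyond the text by also accepting the @include directive seen in that file, the bracketed [value=action ...] control form, and a leading "-" on the type, all of which Linux-PAM on Ubuntu allows; the names Rule and parse_pam are chosen for this example, and backslash line continuation is assumed not to be used.

```python
import re
from typing import NamedTuple, Optional

TYPES = {"auth", "account", "password", "session"}  # the four management groups
CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
# [-]type, control (keyword or bracketed [value=action ...]), module-path, arguments
LINE = re.compile(r"^(-?)(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

class Rule(NamedTuple):
    lineno: int
    type: str               # management group, or "@include" for the directive
    control: str            # empty for @include
    module: str             # module path, or the file named by @include
    args: tuple
    problem: Optional[str]  # None when the line is well formed

def parse_pam(text):
    """Parse the text of one /etc/pam.d service file into a list of Rule."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "@include":           # Debian/Ubuntu include directive
            bad = None if len(parts) == 2 else "malformed @include"
            rules.append(Rule(n, "@include", "", " ".join(parts[1:]), (), bad))
            continue
        m = LINE.match(line)
        if not m:
            rules.append(Rule(n, "", "", "", (), "fewer than three fields"))
            continue
        _, rtype, control, module, rest = m.groups()
        problem = None
        if rtype not in TYPES:
            problem = f"unknown type {rtype!r}"
        elif not control.startswith("[") and control not in CONTROLS:
            problem = f"unknown control {control!r}"
        rules.append(Rule(n, rtype, control, module, tuple(rest.split()), problem))
    return rules

# The /etc/pam.d/gdm contents quoted in the article, one entry per line.
GDM = """auth requisite pam_nologin.so
auth required pam_env.so
@include common-auth
@include common-account
session required pam_limits.so
@include common-session
@include common-password
"""
```

To check a live system, pass the text of a file under /etc/pam.d to parse_pam and review any rule whose problem field is set before and after you edit the file.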

Amusingly, even the PAM documents state that you do not really need (or want) to know a lot about PAM to use it effectively.

You will likely need only the PAM system administrator's guide. You can find it at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html.
