Presentation is loading. Please wait.

Presentation is loading. Please wait.

PAM Pluggable Autthentication Modules

Published byJasmin Kraus Modified over 5 years ago

Similar presentations

Presentation on theme: "PAM Pluggable Autthentication Modules"— Presentation transcript:

1 PAM Pluggable Autthentication Modules

2 PAM What’s PAM? a group of programs that do authentication
called by other, PAM-aware programs as a service to delegate the authentication task

3 Hypothetical example program X uses PAM’s module /lib/security/foo
configured by its config file /etc/pam.d/foo to perform authentication action Y

4 PAM Architecture

5 Operation sequence app calls PAM (1)
PAM reads app’s PAM config file (2) PAM calls PAM modules as listed in the file (3) – each succeeds or fails PAM itself succeeds or fails, depending on the modules’ outcomes returns its overall outcome to app (4) app proceeds (if success) or terminates (if failure)

6

7

8

9

10

11 Syntax: the module types
auth – establishes who the user is (e.g. password) account – non-authentication account management (e.g. check time-of-day restriction) session – any pre- (e.g. mounting) or post- (e.g. logging actions) password – update user’s authentication token

12 Syntax: the control flags
The control-flag is used to indicate how the PAM library will react to the success or failure of the module it is associated with. Since modules can be stacked (modules of the same type execute in series, one after another), the control-flags determine the relative importance of each module. The application is not made aware of the individual success or failure of modules listed in the `/etc/pam.conf' file.

13 Syntax: the control flags
Instead, it receives a summary success or fail response from the Linux-PAM library. The order of execution of these modules is that of the entries in the /etc/pam.conf file; earlier entries are executed before later ones…. The…syntax for the control-flag is a single keyword defined to indicate the severity of concern associated with the success or failure of a specific module. There are four such keywords: required, requisite, sufficient, optional….

14 Syntax: the control flags
required – this test must pass for app to proceed, further tests conducted but then app terminates requisite – same, but app terminates immediately sufficient – failure is OK, success dispenses with further tests of same type optional – app proceeding doesn’t depend on this test, unless there are no other successful tests

15 What some modules do pam_cracklib – evaluates password strength
pam_issue – add text to login prompt pam_nologin – determines if /etc/nologin exists pam_rootok – determines if user is root pam_securetty – determines if current tty listed in /etc/securetty pam_time – checks time against allowable times from /etc/security/time.conf

Download ppt "PAM Pluggable Autthentication Modules"

Similar presentations

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
1 of 30 G/L Journal Authorisation / DA00594-w1 Last updated: 05-00 G/L Journal Authorisation.

1 of 30 G/L Journal Authorisation / DA00594-w1 Last updated: G/L Journal Authorisation.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Software Testing and Quality Assurance

Software Testing and Quality Assurance
CCNA 2 v3.1 Module 2.

CCNA 2 v3.1 Module 2.
Installing a New Windows Server 2008 Domain Controller in a New Windows Server 2008 R2.

Installing a New Windows Server 2008 Domain Controller in a New Windows Server 2008 R2.
1. This presentation covers :  User Interface Administration  Files System and Services Management 2.

1. This presentation covers :  User Interface Administration  Files System and Services Management 2.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Page - 1 Ariba Buyer 8.2.2 Upgrade Benefits/Enhancements  Streamlined User Interface  Requisition Function and Company eForms  Increased Performance.

Page - 1 Ariba Buyer Upgrade Benefits/Enhancements  Streamlined User Interface  Requisition Function and Company eForms  Increased Performance.
Mass user creation On our servers is used the convention, that each of user has only one database, which has the same name, as the user itself. This method.

Mass user creation On our servers is used the convention, that each of user has only one database, which has the same name, as the user itself. This method.
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.

Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
GMOD Chado: to a Model-View-Controller (MVC) architecture? Valentin GUIGNON ID, DAP, BIOS CIRAD Montpellier.

GMOD Chado: to a Model-View-Controller (MVC) architecture? Valentin GUIGNON ID, DAP, BIOS CIRAD Montpellier.
Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.

Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.
JAAS Qingyang Liu and Lingbo Wang CSCI 5931.01 Web Security April 2, 2003.

JAAS Qingyang Liu and Lingbo Wang CSCI Web Security April 2, 2003.
FTP Server and FTP Commands By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.

FTP Server and FTP Commands By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.
CIS 290 Linux Security Program Authentication Module and Security Enhanced LINUX.

CIS 290 Linux Security Program Authentication Module and Security Enhanced LINUX.
Secure Operating Systems Lesson C: Linux Security Features.

Secure Operating Systems Lesson C: Linux Security Features.
In the web address box enter https:\\password.sau.edu Enter your user ID (first and last initial 7 digit ID number) Select Log in.

In the web address box enter Enter your user ID (first and last initial 7 digit ID number) Select Log in.

Similar presentations

Ads by Google