aplication 只要與PAM連接, 就能支援全部上游的的認證機制

PAM Operation
PAM 的模組 /lib/security
PAM 設定檔 /etc/pam.d/

/etc/pam.d/ Files: Tests
auth  身份認證
account 帳號合不合法?有無被停用?
password  密碼變更
session login and logout 的 log
# cat /etc/pam.d/passwd
#%PAM-1.0
auth       include      system-auth 
account    include      system-auth 
password   include      system-auth

/etc/pam.d/Files: Control Values
requisted，全部做完才知道過還是不過
requisite，如果遇到不過的項目就馬上不過
sufficient，如果遇到過的項目就馬上過

Example
# cat /etc/pam.d/login
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_ck_connector.so

The system_auth File
system_auth 應用比較廣，常被 include

pam_unix.so
傳統的 NNS-based 認證
auth, account, password, session

Network Authentication
其他網路的 login 模組
pam_krb5.so (Kerberos V tickets)
pam_ldap.so (LDAP binds)
pam_smb_auth.so (old SMB authentication)
pam_winbind.so (SMB through winbindd)

Edit this page (if you have permission) |

Google Docs -- Web word processing, presentations and spreadsheets.