Jump to content

Linux PAM: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m rvt - direct copyvio cut and paste (HG)
Citation bot (talk | contribs)
Altered url. URLs might have been anonymized. Add: archive-date, archive-url. | Use this bot. Report bugs. | Suggested by Jay8g | Linked from User:Jay8g/sandbox | #UCB_webform_linked 446/1114
 
(38 intermediate revisions by 33 users not shown)
Line 1: Line 1:
{{Short description|Software library to manage authentication on Linux systems}}
{{nofootnotes|date=September 2010}}
{{Infobox software
'''Linux Pluggable Authentication Modules''' (PAM) provide dynamic authorization for applications and services in a [[Linux]] system. Linux PAM is evolved from the [[Unix]] [[Pluggable Authentication Modules]] architecture.
| name = Linux PAM
| title = Linux PAM
| logo = <!-- Image name is enough -->
| logo caption =
| logo size =
| logo alt =
| screenshot = <!-- Image name is enough -->
| caption =
| screenshot size =
| screenshot alt =
| author =
| developer =
| released = <!-- {{Start date and age|YYYY|MM|DD|df=yes/no}} -->
| discontinued =
| latest release version = 1.5.3
| latest release date = {{Start date and age|2023|05|08}}
| latest preview version =
| latest preview date = <!-- {{Start date and age|YYYY|MM|DD|df=yes/no}} -->
| programming language = [[C (programming language)|C]]
| operating system = [[Linux]]
| platform =
| size =
| genre = authentication
| repo = https://github.com/linux-pam/linux-pam
| license = [[GNU General Public License]] or [[Modified BSD License]]
| website = {{URL|http://www.linux-pam.org/}}
}}
'''Linux Pluggable Authentication Modules''' (PAM) is a suite of libraries that allow a Linux [[system administrator]] to configure methods to [[Authentication|authenticate]] users. It provides a flexible and centralized way to switch authentication methods for secured applications by using configuration files instead of changing application code.<ref>{{Cite web|title=Chapter 1. Introduction|url=http://www.linux-pam.org/Linux-PAM-html/sag-introduction.html|access-date=2023-11-11|website=An Internet Archive page of Linux PAM site|archive-url=https://web.archive.org/web/20210506140423/http://www.linux-pam.org/Linux-PAM-html/sag-introduction.html |archive-date=2021-05-06 }}</ref> There are Linux PAM libraries allowing authentication using methods such as local passwords, [[Lightweight Directory Access Protocol|LDAP]], or fingerprint readers.<ref>{{Cite web|last=Lauber|first=Susan|date=2020-07-22|title=An introduction to Pluggable Authentication Modules (PAM) in Linux|url=https://www.redhat.com/sysadmin/pluggable-authentication-modules-pam|access-date=2021-02-28|website=Red Hat|language=en}}</ref> Linux PAM is evolved from the [[Unix]] [[Pluggable Authentication Modules]] architecture.<ref>{{Cite web|url=https://www.linuxjournal.com/article/5940|title=Securing Applications on Linux with PAM {{!}} Linux Journal|last1=Fernandes|first1=Savio|last2=Reddy|first2=KLM|website=[[Linux Journal]]|language=en|access-date=2018-09-30}}</ref>


Linux-PAM separates the tasks of authentication into four independent management groups:<ref>{{Cite web|title=pam.d(8): Pluggable Authentication Modules for - Linux man page|url=https://linux.die.net/man/8/pam.d|access-date=2021-02-28|website=linux.die.net}}</ref>

* account modules check that the specified account is a valid authentication target under current conditions. This may include conditions like account expiration, time of day, and that the user has access to the requested service.
There are four groups for independent management:
* authentication modules verify the user's identity, for example by requesting and checking a password or other secret. They may also pass authentication information on to other systems like a [[Keyring (cryptography)|keyring]].

* password modules are responsible for updating passwords, and are generally coupled to modules employed in the authentication step. They may also be used to enforce strong passwords.
* Account modules check that the specified account is a valid authentication target under current conditions. This may include conditions like account expiration, time of day, and that the user has access to the requested service.
* session modules define actions that are performed at the beginning and end of sessions. A session starts after the user has successfully authenticated.
* Authentication modules verify the user's identity, for example by requesting and checking a password or other secret. They may also pass authentication information on to other systems like a [[keyring]].
* Password modules are responsible for updating passwords, and are generally coupled to modules employed in the authentication step. They may also be used to enforce strong passwords.
* Session modules define actions that are performed at the beginning and end of sessions. A session starts after the user has successfully authenticated.


==See also==
==See also==
{{Portal|Linux|Free and open-source software}}
* [[OpenPAM]]
*[[Pluggable Authentication Modules]]
*[[OpenPAM]]

==References==
{{Reflist}}


==External links==
==External links==
* [http://www.kernel.org/pub/linux/libs/pam/ Linux-PAM page]
* [http://www.linux-pam.org/ Primary distribution site for the Linux-PAM project]
* [http://linux.die.net/man/8/pam.d pam.d(8) - Linux man page]
*[https://github.com/linux-pam/linux-pam Development site for the Linux-PAM project]
* [http://www.kernel.org/pub/linux/libs/pam/whatispam.html What is Linux-PAM?]
* [http://aplawrence.com/Basics/understandingpam.html ''Understanding PAM'', by A.P. Lawrence]
* [https://likegeeks.com/linux-pam-easy-guide/ ''Linux PAM modules'', by Mokhtar Ebrahim]


{{Linux kernel}}
[[Category:Linux]]

[[Category:Linux kernel features]]
[[Category:Computer access control frameworks]]
[[Category:Computer access control frameworks]]



{{Security-software-stub}}
{{Security-software-stub}}

Latest revision as of 03:33, 13 February 2024

Linux PAM
Stable release
1.5.3 / May 8, 2023; 18 months ago (2023-05-08)
Repositoryhttps://github.com/linux-pam/linux-pam
Written inC
Operating systemLinux
Typeauthentication
LicenseGNU General Public License or Modified BSD License
Websitewww.linux-pam.org

Linux Pluggable Authentication Modules (PAM) is a suite of libraries that allow a Linux system administrator to configure methods to authenticate users. It provides a flexible and centralized way to switch authentication methods for secured applications by using configuration files instead of changing application code.[1] There are Linux PAM libraries allowing authentication using methods such as local passwords, LDAP, or fingerprint readers.[2] Linux PAM is evolved from the Unix Pluggable Authentication Modules architecture.[3]

Linux-PAM separates the tasks of authentication into four independent management groups:[4]

  • account modules check that the specified account is a valid authentication target under current conditions. This may include conditions like account expiration, time of day, and that the user has access to the requested service.
  • authentication modules verify the user's identity, for example by requesting and checking a password or other secret. They may also pass authentication information on to other systems like a keyring.
  • password modules are responsible for updating passwords, and are generally coupled to modules employed in the authentication step. They may also be used to enforce strong passwords.
  • session modules define actions that are performed at the beginning and end of sessions. A session starts after the user has successfully authenticated.

See also

[edit]

References

[edit]
  1. ^ "Chapter 1. Introduction". An Internet Archive page of Linux PAM site. Archived from the original on 2021-05-06. Retrieved 2023-11-11.
  2. ^ Lauber, Susan (2020-07-22). "An introduction to Pluggable Authentication Modules (PAM) in Linux". Red Hat. Retrieved 2021-02-28.
  3. ^ Fernandes, Savio; Reddy, KLM. "Securing Applications on Linux with PAM | Linux Journal". Linux Journal. Retrieved 2018-09-30.
  4. ^ "pam.d(8): Pluggable Authentication Modules for - Linux man page". linux.die.net. Retrieved 2021-02-28.
[edit]