Kenneth Geisshirt
ISBN: 1904811329, 9781904811329
A comprehensive and practical guide to PAM for Linux: how modules work and how to implement them, covering 11 common modules, and installation of third-party offerings. Also covers developing your own modules in C.

First this book explains how Pluggable Authentication Modules (PAM) simplify and standardize authentication in Linux. It shows in detail how PAM works and how it is configured. Then 11 common modules used across UNIX/Linux distributions are examined and explained, including all their parameters. Installation of third-party modules is discussed, and the development of new modules and PAM-aware applications is outlined.

PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.

The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.

This book provides a practical approach to UNIX/Linux authentication. The design principles are explained thoroughly, then illustrated through the examination of popular modules. It is intended as a one-stop introduction and reference to PAM.

This book is for experienced system administrators and developers working with multiple Linux/UNIX servers or with both UNIX and Windows servers. It assumes a good level of admin knowledge, and that developers are competent in C development on UNIX-based systems.
Table of contents:

Pluggable Authentication Modules
Table of Contents
Preface
History of PAM
PAM Solves the Authentication Problem
Installing Linux PAM
Compiling
PAM Implementations
Summary
PAM File System Layout
The PAM Framework
Online Documentation
Services
Management Groups
The Auth Group
The Account Group
The Password Group
Control Flags
Sufficient
Order matters
Consolidating Your PAM Configuration
An Example
Summary
Where to Test?
Leaving a Back Door Open
Test Cases
Enabling Logging
Reading the Log
The pamtester Utility
Automating PAM Tests
Bad Example
Summary
Parameters
debug
use_first_pass
expose_account
pam_mkhomedir
pam_mount
pam_succeed_if
pam_nologin
pam_access
pam_deny
pam_unix
pam_ldap
pam_mysql
Summary
Encrypted Home Directories
Working with Secure Shell
Apache htaccess Made Smart
Directory Services
Overview
Winbind Configuration
Kerberos
Joining the Directory
Finally PAM
LDAP
The LDAP Client
PAM Configuration
Limiting r-Services
Limiting Resources
Summary
PAM-aware Applications
Opening and Closing a PAM Session
Authenticating the User
Manipulating the PAM Handling Data Structure
Conversation Functions
Developing your Own PAM Modules
The Management Groups
Return Codes
Supporting Functions
Compiling
Summary
Vault – Secure Database
The ssh_tunnels Module
Index