Overview#

Pluggable Authentication Modules (PAM) is an Authentication Method to integrate multiple low-level authentication schemes into a high-level API, which allows for programs that rely on authentication to be written independently of the underlying authentication scheme.

The Pluggable Authentication Modules framework provides a uniform way for authentication-related activities to take place. This approach enables application developers to use PAM services without having to know the semantics of the policy. Algorithms are centrally supplied. The algorithms can be modified independently of the individual applications. With PAM, administrators can tailor the authentication process to the needs of a particular system without having to change any applications. Adjustments are made through pam.conf, the PAM configuration file.

The following figure illustrates the PAM architecture. Applications communicate with the PAM library through the PAM application programming interface (API). PAM modules communicate with the PAM library through the PAM service provider interface (SPI). Thus, the PAM library enables applications and modules to communicate with each other.

PAM Configuration file syntax#

PAM Service Types#

There are four PAM Service Types

PAM Control Flags#

All PAM modules generate a success or failure result when checked. PAM Control Flags flags tell PAM what do with the result.

PAM module-arguments#

Pluggable Authentication Modules utilizes PAM module-arguments to pass information to a pluggable module during authentication for a particular PAM Service Types.

PAM module#

History#

Pluggable authentication modules or PAM are a mechanism to integrate multiple low-level authentication schemes into a high-level API, which allows for programs that rely on authentication to be written independently of the underlying authentication scheme.

Our interest in Pluggable Authentication Modules is for the setup of LDAP for Linux and Unix Clients.

PAM Documentation#

PAM Implementations#

This information is *OLD* This is of course not current, but is provided to show the many differences.
DistributionVersionPAM-VersionFeaturesRelease Date
SuSE Linux Enterprise Server80.76 July2002
9.077Some third party modulesSeptember 2002
9.30.77Some third party modulesDecember 2005
100.99.3 January 2006
Red Hat Enterprise Linux3.60.75 April 2001
40.77 September 2002
4.40.77newer buildApril 2006
Fedora Core50.78 November 2004
60.99.6.2 November 2006
Debian GNU/Linux3.1.20.76Many Third Party ModulesJuly 2002
4.00.79Many Third Party ModulesDecember 2006
Ubunta Linux5.100.75Many Third Party ModulesOctober 2005
6.060.77Many Third Party ModulesJuly 2006
6.100.79Many Third Party ModulesNovember 2006
Arch Linux0.7.10.81 November 2005

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
pam.overview.1.png 123.5 kB 1 20-Jan-2013 13:43 jim pam overview
« This page (revision-40) was last changed on 02-Dec-2015 12:15 by jim