Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers: A Comprehensive and Practical Guide to PAM for Linux: How Modules Work and How to Implement Them

First this book explains how Pluggable Authentication Modules (PAM) simplify and standardize authentication in Linux. It shows in detail how PAM works and how it is configured. Then 11 common modules used across UNIX/Linux distributions are examined and explained, including all their parameters. Installation of third-party modules is discussed, and the development of new modules and PAM-aware applications is outlined

In Detail

PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.

The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX.

PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.

What you will learn from this book

• Using PAM services for authentication in applications
• Using PAM modules common to various operating systems (pam_mkhomedir, pam_mount, pam_succeed_if, pam_nologin, pam_wheel, pam_access, pam_deny, pam_unix, pam_winbind, pam_ldap, pam_mysql)
• Testing and debugging your PAM configuration
• Using PAM and Winbind for integrating any Linux/UNIX computer with Microsoft Active Directory
• Developing your own PAM module in C

Approach

This book provides a practical approach to UNIX/Linux authentication. The design principles are explained thoroughly, then illustrated through the examination of popular modules. It is intended as a one-stop introduction and reference to PAM.

Who this book is written for

This book is for experienced system administrators and developers working with multiple Linux/UNIX servers or with both UNIX and Windows servers. It assumes a good level of admin knowledge, and that developers are competent in C development on UNIX-based systems.

About the Author

Kenneth Geisshirt is a chemist by education, and is a strong free-software advocate. He spent his Christmas holidays in 1992 installing SLS Linux, and GNU/Linux has been his favorite operating system ever since. Currently, he does consultancy work in areas like scientific computing and Linux clusters.