Free Sample
+ Collection
Code Files

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

Kenneth Geisshirt

A comprehensive and practical guide to PAM for Linux: how modules work and how to implement them
RRP $11.99
RRP $19.99
Print + eBook

Want this title & more?

$12.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781904811329
Paperback124 pages

About This Book

  • Understand and configure PAM
  • Develop PAM-aware applications and your own PAMs using the API and C
  • How to authenticate users in Active Directory, mount encrypted home directories, load SSH keys automatically, and restrict web and rsh services

Who This Book Is For

This book is for experienced system administrators and developers working with multiple Linux/UNIX servers or with both UNIX and Windows servers. It assumes a good level of admin knowledge, and that developers are competent in C development on UNIX-based systems.

Table of Contents

Chapter 1: Introduction to PAM
History of PAM
PAM Solves the Authentication Problem
Need for PAM
Installing Linux-PAM
PAM Implementations
Chapter 2: Theory of Operation
PAM File System Layout
The PAM Framework
Online Documentation
Management Groups
Control Flags
Consolidating Your PAM Configuration
Securing Your Environment
Chapter 3: Testing and Debugging
Where to Test?
Leaving a Back Door Open
Test Cases
Getting Backstage
The pamtester Utility
Automating PAM Tests
Bad Example
Chapter 4: Common Modules
Modules Related to User Environments
Modules Used to Restrict Access
Modules Related to Back-End Storage
Chapter 5: Recipes
Encrypted Home Directories
Working with Secure Shell
Apache htaccess Made Smart
Directory Services
Limiting r-Services
Limiting Resources
Chapter 6: Developing with PAM
PAM-aware Applications
Developing your Own PAM Modules

What You Will Learn

  • Using PAM services for authentication in applications
  • Using PAM modules common to various operating systems (pam_mkhomedir, pam_mount, pam_succeed_if, pam_nologin, pam_wheel, pam_access, pam_deny, pam_unix, pam_winbind, pam_ldap, pam_mysql)
  • Testing and debugging your PAM configuration
  • Using PAM and Winbind for integrating any Linux/UNIX computer with Microsoft Active Directory
  • Developing your own PAM module in C

In Detail

PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.

The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX.

PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.


Read More