A comprehensive and practical guide to PAM for Linux: how modules work and how to implement them
Understand and configure PAM
Develop PAM-aware applications and your own PAMs using the API and C
How to authenticate users in Active Directory, mount encrypted home directories, load SSH keys automatically, and restrict web and rsh services
PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.
The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX.
PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.
First this book explains how Pluggable Authentication Modules (PAM) simplify and standardize authentication in Linux. It shows in detail how PAM works and how it is configured. Then 11 common modules used across UNIX/Linux distributions are examined and explained, including all their parameters. Installation of third-party modules is discussed, and the development of new modules and PAM-aware applications is outlined