Tuesday, May 17, 2011

Pluggable Authentication Modules


PAM stands for Pluggable Authentication Modules. PAM is a library used to control the behavior of applications that are built to use the PAM libraries. PAM is based on a series of library modules, some of which depend on configuration files. The locations of the PAM configuration files and library modules are:
* All PAM applications are configured in the directory “/etc/pam.d” or in a file “/etc/pam.conf”.
* The library modules are normally stored in the directory “/lib/security”.
* The configuration files are located in the directory “/etc/security”.
To configure PAM on a system already set up for it, edit the file for the service you want to modify in the “/etc/pam.d” directory, and modify the appropriate configuration file in the directory “/etc/security”. This page explains how to set up the configuration files and how to configure the modules so applications can use them.
The PAM configuration files
PAM is controlled by a main configuration file (/etc/pam.conf) or a control directory (/etc/pam.d). The behavior of some PAM modules is controlled with configuration files (in /etc/security), as listed below:
* access.conf – Login access control. Used for the pam_access.so library.
* group.conf – Group membership control. Used for the pam_group.so library.
* limits.conf – Set system resource limits. Used for the pam_limits.so library.
* pam_env – Control ability to change environment variables. Used for the pam_env.so library.
* time – Allows time restrictions to be applied to services and user privileges. Used for the pam_time.so library.
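A file in /etc/security only takes effect for a service whose PAM stack loads the matching module, so a useful check is to list which service files load each of the five modules above. The following is an added example, not code from the original page: it covers the /etc/pam.d layout only, the function names and the SAMPLE contents are constructed for illustration, and it follows the Linux-PAM `include`/`substack` controls and the Debian-style `@include` line.

```python
TYPES = {"auth", "account", "password", "session"}
# Modules from the list above whose behaviour comes from a file in /etc/security.
FILE_BACKED = ["pam_access.so", "pam_env.so", "pam_group.so", "pam_limits.so", "pam_time.so"]

def modules_for(service, configs, path=()):
    """Return [(type, module)] for one /etc/pam.d file, following includes."""
    if service in path or service not in configs:    # include loop or missing file
        return []
    path, out = path + (service,), []
    for line in configs[service].replace("\\\n", " ").splitlines():
        f = line.split("#", 1)[0].split()             # drop comments, tokenize
        if len(f) == 2 and f[0] == "@include":        # Debian-style whole-file include
            out += modules_for(f[1], configs, path)
        elif len(f) >= 3 and f[0].lstrip("-") in TYPES:
            mtype, i = f[0].lstrip("-"), 1
            if f[1] in ("include", "substack"):       # pulls only rules of the same type
                out += [r for r in modules_for(f[2], configs, path) if r[0] == mtype]
                continue
            if f[1].startswith("["):                  # [success=1 default=ignore] spans tokens
                while i < len(f) - 1 and not f[i].endswith("]"):
                    i += 1
            if i + 1 < len(f):                        # strip any /lib/security/ prefix
                out.append((mtype, f[i + 1].rsplit("/", 1)[-1]))
    return out

def file_backed_usage(configs):
    """Map each FILE_BACKED module to the (file, type) pairs that load it."""
    usage = {m: [] for m in FILE_BACKED}
    for svc in sorted(configs):
        for mtype, mod in modules_for(svc, configs):
            if mod in usage and (svc, mtype) not in usage[mod]:
                usage[mod].append((svc, mtype))
    return usage

# Constructed sample standing in for the contents of /etc/pam.d (file name -> text).
SAMPLE = {
    "system-auth": "auth required pam_env.so\n"
                   "auth [success=1 default=ignore] pam_unix.so nullok\n"
                   "session required pam_limits.so\n",
    "sshd": "auth include system-auth\n"
            "account required /lib/security/pam_access.so  # full path form\n"
            "session include system-auth\n",
    "cron": "@include system-auth\naccount required pam_time.so\n",
}

if __name__ == "__main__":
    for mod, users in file_backed_usage(SAMPLE).items():
        print(f"{mod:15} {users or 'not loaded: its /etc/security file has no effect'}")
```

On a real system, build the `configs` dictionary from the files in /etc/pam.d instead of SAMPLE. In the sample, pam_group.so is loaded by no service, so edits to group.conf would change nothing.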