Linux-PAM Developers' Guide

Chapter 4. Security issues of Linux-PAM

Table of Contents

4.1. Care about standard library calls
4.2. Choice of a service name
4.3. The conversation function
4.4. The identity of the user
4.5. Sufficient resources
Last Updated 2021-07-03T16:02:23