Linux-PAM Developers' Guide
Version
1.1.2
Language
English
中文
Back to index
The System Administrators' Guide
1. Introduction
2. Some comments on the text
3. Overview
4. The Linux-PAM configuration file
4.1. Configuration file syntax
4.1. Configuration file syntax
4.2. Directory based configuration
4.3. Example configuration file entries
5. Security issues
5.1. If something goes wrong
5.1. If something goes wrong
5.2. Avoid having a weak `other' configuration
6. A reference guide for available modules
6.1. pam_access - logdaemon style login access control
6.1. pam_access - logdaemon style login access control
6.2. pam_cracklib - checks the password against dictionary words
6.3. pam_debug - debug the PAM stack
6.4. pam_deny - locking-out PAM module
6.5. pam_echo - print text messages
6.6. pam_env - set/unset environment variables
6.7. pam_exec - call an external command
6.8. pam_faildelay - change the delay on failure per-application
6.9. pam_filter - filter module
6.10. pam_ftp - module for anonymous access
6.11. pam_group - module to modify group access
6.12. pam_issue - add issue file to user prompt
6.13. pam_keyinit - display the keyinit file
6.14. pam_lastlog - display date of last login
6.15. pam_limits - limit resources
6.16. pam_listfile - deny or allow services based on an arbitrary file
6.17. pam_localuser - require users to be listed in /etc/passwd
6.18. pam_loginuid - record user's login uid to the process attribute
6.19. pam_mail - inform about available mail
6.20. pam_mkhomedir - create users home directory
6.21. pam_motd - display the motd file
6.22. pam_namespace - setup a private namespace
6.23. pam_nologin - prevent non-root users from login
6.24. pam_permit - the promiscuous module
6.25. pam_pwhistory - grant access using .pwhistory file
6.26. pam_rhosts - grant access using .rhosts file
6.27. pam_rootok - gain only root access
6.28. pam_securetty - limit root login to special devices
6.29. pam_selinux - set the default security context
6.30. pam_shells - check for valid login shell
6.31. pam_succeed_if - test account characteristics
6.32. pam_tally - login counter (tallying) module
6.33. pam_tally2 - login counter (tallying) module
6.34. pam_time - time controlled access
6.35. pam_timestamp - authenticate using cached successful authentication attempts
6.36. pam_umask - set the file mode creation mask
6.37. pam_unix - traditional password authentication
6.38. pam_userdb - authenticate against a db database
6.39. pam_warn - logs all PAM items
6.40. pam_wheel - only permit root access to members of group wheel
6.41. pam_xauth - forward xauth keys between users
7. See also
8. Author/acknowledgments
9. Copyright information for this document
The Module Writers' Guide
1. Introduction
1.1. Description
1.1. Description
1.2. Synopsis
2. What can be expected by the module
2.1. Getting and setting PAM_ITEMs and data
2.1. Getting and setting PAM_ITEMs and data
2.1.1. Set module internal data
2.1.1. Set module internal data
2.1.2. Get module internal data
2.1.3. Setting PAM items
2.1.4. Getting PAM items
2.1.5. Get user name
2.1.6. The conversation function
2.1.7. Set or change PAM environment variable
2.1.8. Get a PAM environment variable
2.1.9. Getting the PAM environment
2.2. Other functions provided by libpam
2.2.1. Strings describing PAM error codes
2.2.1. Strings describing PAM error codes
2.2.2. Request a delay on failure
3. What is expected of a module
3.1. Overview
3.1. Overview
3.1.1. Functional independence
3.1.1. Functional independence
3.1.2. Minimizing administration problems
3.1.3. Arguments supplied to the module
3.2. Authentication management
3.2.1. Service function for user authentication
3.2.1. Service function for user authentication
3.2.2. Service function to alter credentials
3.3. Account management
3.3.1. Service function for account management
3.3.1. Service function for account management
3.4. Session management
3.4.1. Service function to start session management
3.4.1. Service function to start session management
3.4.2. Service function to terminate session management
3.5. Authentication token management
3.5.1. Service function to alter authentication token
3.5.1. Service function to alter authentication token
4. Generic optional arguments
5. Programming notes
5.1. Security issues for module creation
5.1. Security issues for module creation
5.1.1. Sufficient resources
5.1.1. Sufficient resources
5.1.2. Who´s who?
5.1.3. Using the conversation function
5.1.4. Authentication tokens
5.2. Use of syslog(3)
5.3. Modules that require system libraries
6. An example module
7. See also
8. Author/acknowledgments
9. Copyright information for this document
The Application Developers' Guide
1. Introduction
1.1. Description
1.1. Description
1.2. Synopsis
2. Overview
3. The public interface to Linux-PAM
3.1. What can be expected by the application
3.1. What can be expected by the application
3.1.1. Initialization of PAM transaction
3.1.1. Initialization of PAM transaction
3.1.2. Termination of PAM transaction
3.1.3. Setting PAM items
3.1.4. Getting PAM items
3.1.5. Strings describing PAM error codes
3.1.6. Request a delay on failure
3.1.7. Authenticating the user
3.1.8. Setting user credentials
3.1.9. Account validation management
3.1.10. Updating authentication tokens
3.1.11. Start PAM session management
3.1.12. terminating PAM session management
3.1.13. Set or change PAM environment variable
3.1.14. Get a PAM environment variable
3.1.15. Getting the PAM environment
3.2. What is expected of an application
3.2.1. The conversation function
3.2.1. The conversation function
3.3. Programming notes
4. Security issues of Linux-PAM
4.1. Care about standard library calls
4.1. Care about standard library calls
4.2. Choice of a service name
4.3. The conversation function
4.4. The identity of the user
4.5. Sufficient resources
5. A library of miscellaneous helper functions
5.1. Functions supplied
5.1. Functions supplied
5.1.1. Text based conversation function
5.1.1. Text based conversation function
5.1.2. Transcribing an environment to that of PAM
5.1.3. Liberating a locally saved environment
5.1.4. BSD like PAM environment variable setting
6. Porting legacy applications
7. Glossary of PAM related terms
8. An example application
9. Files
10. See also
11. Author/acknowledgments
12. Copyright information for this document
中文
English
Sign up
Sign in
A
A
Serif
Sans
White
Sepia
Night
Home
API Docs
Tools
Home
API Docs
Tools
Chapter 4. Security issues of Linux-PAM
Table of Contents
4.1. Care about standard library calls
4.2. Choice of a service name
4.3. The conversation function
4.4. The identity of the user
4.5. Sufficient resources
Linux-PAM Developers' Guide