Authentication modules in Linux/Unix – PAM

Authentication modules in Linux/Unix – PAM

Pluggable authentication modules or PAM provides a way to develop programs that are independent of authentication scheme. These programs need “authentication modules” to be attatched to them at run-time in order to work. Which authentication module is to be attatched is dependent upon the local system setup and is at the discretion of the local system administrator.

Pluggable authentication modules or PAM are a mechanism to integrate multiple low-level authentication schemes into a high-level API, which allows for programs that rely on authentication to be written independently of the underlying authentication scheme. PAM was first proposed by Sun Microsystems in an Open Software Foundation RFC dated October, 1995. It was adopted as the authentication framework of the Common Desktop Environment. As a stand-alone infrastructure, however, PAM first appeared from an open-source, Linux-PAM, development in Red Hat Linux 3.0.4 in August of 1996. PAM is currently supported in AIX, FreeBSD, HP-UX, Linux, Mac OS X, NetBSD and Solaris. PAM was later standardized as part of the X/Open UNIX standardization process, resulting in the X/Open Single Sign-on (XSSO) standard.

The pluggable nature of PAM is one reason for using dynamic linking of system binaries. However, this necessitates the availability of a recovery mechanism should a problem develop in the linker or shared libraries; for example both NetBSD and FreeBSD supply a /rescue directory containing statically linked versions of important system binaries.


Similar Posts:

Leave a Reply

Your email address will not be published.