Hi,

> can someone throw light on pam and how it helps in validation..how to configure our
> own security scripts...
You can find many nice tutorials on the Internet, search the Linux HOWTOs at www.ldp.org. Try also "man pam" and /usr/doc/pam-*.

PAM is actually an API that apps that need authentication call. This API in turn calls any pam module you install on your system (pam modules are dynamic shared libraries, *.so files). These modules can accept or deny authentication, and the modules called by the PAM API for any particular app are defined by the text files at /etc/pam.d.

Look, for example, at /etc/pam.d/login; this file shows the pam modules the standard login process for tty terminals calls. Login simply tells PAM "check these credentials" and PAM does the rest. One module checks if the login terminal is a local one and, if not and the user is root, access is denied. Another module checks the /etc/passwd and /etc/shadow files, but this file is rarely used because most installations use the module that calls the pw* functions from glibc, so you can use either /etc files or NIS.

There's a PAM module that authenticates against a SMB/CIFS server (Windows NT, Samba), another that authenticates against an NCP server (Netware, mars_nwe), another to check allowed times to login, and one that authenticates against LDAP. There are modules that authenticate against MySQL or PostgreSQL databases.

But these modules only validate or change passwords, they do not provide a "unix user profile", that is, uid, primary gid, home dir and shell. So you need /etc files even if you authenticate by other means using PAM. That's why NIS allows you to have unified network logons but PAM alone doesn't.

So you have to look at NSS (name service switch interface), which allows the glibc pw* calls to look elsewhere besides /etc files. There are nss modules for NIS and LDAP, so you can forget your /etc files and get all user info from these sources. Maybe there are nss modules for relational databases.

[]s, Fernando Lozano

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list