PAM allows various authentication technologies such as Kerberos, RSA, smart cards and DCE to be plugged into system entry services such as login, passwd, rlogin, telnet, ftp, and su without changing any of these services.
The PAM configuration file, pam.conf, controls how these services use the PAM framework.
How does it work?
Application services (rlogin, telnet, ssh, etc.) => PAM API (refers to pam.conf) => PAM modules that manage access
The entries in /etc/pam.conf or in PAM policy files are in one of the following formats:
"service-name module-type control-flag module-path module-options"
e.g., the LDAP configuration in pam.conf:
more /etc/pam.conf | grep ldap
zone03:/root# more /etc/pam.conf | grep ldap
login auth required pam_ldap.so.1 use_first_pass
rlogin auth required pam_ldap.so.1 use_first_pass
rsh auth required pam_ldap.so.1 use_first_pass
ppp auth required pam_ldap.so.1 use_first_pass
other auth required pam_ldap.so.1 use_first_pass
passwd auth required pam_ldap.so.1 use_first_pass
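An added example (not from the original post): a small Python parser for the entry format shown above that reports malformed lines and resolves which module stack a service gets, modelling `other` as the fallback for a service with no entries of its own. The names `parse_pam_conf` and `stack_for`, the sample text, and the allowed type and flag sets are assumptions made for illustration; adjust the sets to your platform's pam.conf(4).

```python
from collections import namedtuple

Entry = namedtuple("Entry", "service module_type control_flag module_path options")

# Assumed for this example: the four classic module types and common control flags.
MODULE_TYPES = {"auth", "account", "session", "password"}
CONTROL_FLAGS = {"required", "requisite", "optional", "sufficient", "binding", "include"}

def parse_pam_conf(text):
    """Return (entries, problems) for pam.conf-style text."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blank and comment lines
            continue
        fields = line.split()
        if len(fields) < 4:                    # module-options is the only optional field
            problems.append((lineno, "expected at least 4 fields"))
            continue
        service, mtype, flag, path = fields[:4]
        if mtype not in MODULE_TYPES:
            problems.append((lineno, "unknown module-type " + mtype))
        elif flag not in CONTROL_FLAGS:
            problems.append((lineno, "unknown control-flag " + flag))
        else:
            entries.append(Entry(service, mtype, flag, path, tuple(fields[4:])))
    return entries, problems

def stack_for(entries, service, module_type):
    """Modules consulted for a service, in file order; falls back to 'other'."""
    stack = [e for e in entries if e.service == service and e.module_type == module_type]
    if not stack:
        stack = [e for e in entries if e.service == "other" and e.module_type == module_type]
    return stack

# Constructed sample: three lines from the grep output above plus one mistyped flag.
SAMPLE = """\
# constructed sample
login auth required pam_ldap.so.1 use_first_pass
other auth required pam_ldap.so.1 use_first_pass
passwd auth required pam_ldap.so.1 use_first_pass
rsh auth requird pam_ldap.so.1
"""

if __name__ == "__main__":
    entries, problems = parse_pam_conf(SAMPLE)
    print(stack_for(entries, "sshd", "auth"), problems)
```

A service that is not listed, such as `sshd` in the sample, resolves to the `other` entries, so the `other` lines decide what every unlisted service is allowed to do.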