Pluggable Authentication Modules

Dag-Erling SmЬrgrav

$FreeBSD: doc/en_US.ISO8859-1/articles/pam/article.sgml,v 1.18 2002/06/21 16:42:35 des Exp $

This article describes the underlying principles and mechanisms of the Pluggable Authentication Modules (PAM) library, and explains how to configure PAM, how to integrate PAM into applications, and how to write PAM modules.

Table of Contents
1. Introduction
2. Terms and conventions
3. PAM Essentials
4. PAM Configuration
5. FreeBSD PAM Modules
6. PAM Application Programming
7. PAM Module Programming
A. Sample PAM Application
B. Sample PAM Module
C. Sample PAM Conversation Function
Further Reading

1. Introduction

The Pluggable Authentication Modules (PAM) library is a generalized API for authentication-related services which allows a system administrator to add new authentication methods simply by installing new PAM modules, and to modify authentication policies by editing configuration files.

PAM was defined and developed in 1995 by Vipin Samar and Charlie Lai of Sun Microsystems, and has not changed much since. In 1997, the Open Group published the X/Open Single Sign-on (XSSO) preliminary specification, which standardized the PAM API and added extensions for single (or rather integrated) sign-on. At the time of this writing, this specification has not yet been adopted as a standard.

Although this article focuses primarily on FreeBSD 5.x, which uses OpenPAM, it should be equally applicable to FreeBSD 4.x, which uses Linux-PAM, and other operating systems such as Linux and Solaris.

1.1. Trademarks

Sun, Sun Microsystems and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc.

UNIX and The Open Group are trademarks or registered trademarks of The Open Group.

All other brand or product names mentioned in this document may be trademarks or registered trademarks of their respective owners.

		Next
		Terms and conventions