Ana Sayfa Keşfet Yardım
Giriş Yap
SoftwareDesign
/
csu3_am335x
8
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: master
Dallar Biçim İmleri
csu3_am335x
/
EVSE
/
GPL
/
linux-pam-1.5.2
/
doc
/
man
/
pam.8.xml

pam.8.xml 8.2 KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216 
  1. <?xml version="1.0" encoding="UTF-8"?>
    2. 

  2. <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
    3. 

  3.                    "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
    4. 

  4. 

  5. <refentry id='pam8'>
    6. 

  6. 

  7.   <refmeta>
    8. 

  8.     <refentrytitle>pam</refentrytitle>
    9. 

  9.     <manvolnum>8</manvolnum>
    10. 

  10.     <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
    11. 

  11.   </refmeta>
    12. 

  12. 

  13.   <refnamediv id='pam8-name'>
    14. 

  14.     <refname>PAM</refname>
    15. 

  15.     <refname>pam</refname>
    16. 

  16.     <refpurpose>Pluggable Authentication Modules for Linux</refpurpose>
    17. 

  17.   </refnamediv>
    18. 

  18. 

  19.   <refsect1 id='pam8-description'>
    20. 

  20.     <title>DESCRIPTION</title>
    21. 

  21.     <para>
    22. 

  22.       This manual is intended to offer a quick introduction to
    23. 

  23.       <emphasis remap='B'>Linux-PAM</emphasis>. For more information
    24. 

  24.       the reader is directed to the
    25. 

  25.       <emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>.
    26. 

  26.     </para>
    27. 

  27. 

  28.     <para>
    29. 

  29.       <emphasis remap='B'>Linux-PAM</emphasis> is a system of libraries
    30. 

  30.       that handle the authentication tasks of applications (services) on
    31. 

  31.       the system. The library provides a stable general interface
    32. 

  32.       (Application Programming Interface - API) that privilege granting
    33. 

  33.       programs (such as <citerefentry>
    34. 

  34.       <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
    35. 

  35.       </citerefentry> and <citerefentry>
    36. 

  36.       <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
    37. 

  37.       </citerefentry>) defer to to perform standard authentication tasks.
    38. 

  38.     </para>
    39. 

  39. 

  40.     <para>
    41. 

  41.       The principal feature of the PAM approach is that the nature of the
    42. 

  42.       authentication is dynamically configurable.  In other words, the
    43. 

  43.       system administrator is free to choose how individual
    44. 

  44.       service-providing applications will authenticate users. This dynamic
    45. 

  45.       configuration is set by the contents of the single
    46. 

  46.       <emphasis remap='B'>Linux-PAM</emphasis> configuration file
    47. 

  47.       <filename>/etc/pam.conf</filename>. Alternatively, the configuration
    48. 

  48.       can be set by individual configuration files located in the
    49. 

  49.       <filename>/etc/pam.d/</filename> directory. The presence of this
    50. 

  50.       directory will cause <emphasis remap='B'>Linux-PAM</emphasis> to
    51. 

  51.       <emphasis remap='I'>ignore</emphasis> <filename>/etc/pam.conf</filename>.
    52. 

  52.     </para>
    53. 

  53. 

  54.     <para>
    55. 

  55.       Vendor-supplied PAM configuration files might be installed in
    56. 

  56.       the system directory <filename>/usr/lib/pam.d/</filename> or
    57. 

  57.       a configurable vendor specific directory instead
    58. 

  58.       of the machine configuration directory <filename>/etc/pam.d/</filename>.
    59. 

  59.       If no machine configuration file is found, the vendor-supplied file
    60. 

  60.       is used. All files in <filename>/etc/pam.d/</filename> override
    61. 

  61.       files with the same name in other directories.
    62. 

  62.     </para>
    63. 

  63. 

  64. <para>From the point of view of the system administrator, for whom this
    65. 

  65. manual is provided, it is not of primary importance to understand the
    66. 

  66. internal behavior of the
    67. 

  67. <emphasis remap='B'>Linux-PAM</emphasis>
    68. 

  68. library.  The important point to recognize is that the configuration
    69. 

  69. file(s)
    70. 

  70. <emphasis remap='I'>define</emphasis>
    71. 

  71. the connection between applications
    72. 

  72. <emphasis remap='B'></emphasis>(<emphasis remap='B'>services</emphasis>)
    73. 

  73. and the pluggable authentication modules
    74. 

  74. <emphasis remap='B'></emphasis>(<emphasis remap='B'>PAM</emphasis>s)
    75. 

  75. that perform the actual authentication tasks.</para>
    76. 

  76. 

  77. 

  78. <para><emphasis remap='B'>Linux-PAM</emphasis>
    79. 

  79. separates the tasks of
    80. 

  80. <emphasis remap='I'>authentication</emphasis>
    81. 

  81. into four independent management groups:
    82. 

  82. <emphasis remap='B'>account</emphasis> management;
    83. 

  83. <emphasis remap='B'>auth</emphasis>entication management;
    84. 

  84. <emphasis remap='B'>password</emphasis> management;
    85. 

  85. and
    86. 

  86. <emphasis remap='B'>session</emphasis> management.
    87. 

  87. (We highlight the abbreviations used for these groups in the
    88. 

  88. configuration file.)</para>
    89. 

  89. 

  90. 

  91. <para>Simply put, these groups take care of different aspects of a typical
    92. 

  92. user's request for a restricted service:</para>
    93. 

  93. 

  94. 

  95. <para><emphasis remap='B'>account</emphasis> -
    96. 

  96. provide account verification types of service: has the user's password
    97. 

  97. expired?; is this user permitted access to the requested service?</para>
    98. 

  98. 

  99. <!-- .br -->
    100. 

  100. <para><emphasis remap='B'>auth</emphasis>entication -
    101. 

  101. authenticate a user and set up user credentials. Typically this is via
    102. 

  102. some challenge-response request that the user must satisfy: if you are
    103. 

  103. who you claim to be please enter your password. Not all authentications
    104. 

  104. are of this type, there exist hardware based authentication schemes
    105. 

  105. (such as the use of smart-cards and biometric devices), with suitable
    106. 

  106. modules, these may be substituted seamlessly for more standard
    107. 

  107. approaches to authentication - such is the flexibility of
    108. 

  108. <emphasis remap='B'>Linux-PAM</emphasis>.</para>
    109. 

  109. 

  110. <!-- .br -->
    111. 

  111. <para><emphasis remap='B'>password</emphasis> -
    112. 

  112. this group's responsibility is the task of updating authentication
    113. 

  113. mechanisms. Typically, such services are strongly coupled to those of
    114. 

  114. the
    115. 

  115. <emphasis remap='B'>auth</emphasis>
    116. 

  116. group. Some authentication mechanisms lend themselves well to being
    117. 

  117. updated with such a function. Standard UN*X password-based access is
    118. 

  118. the obvious example: please enter a replacement password.</para>
    119. 

  119. 

  120. <!-- .br -->
    121. 

  121. <para><emphasis remap='B'>session</emphasis> -
    122. 

  122. this group of tasks cover things that should be done prior to a
    123. 

  123. service being given and after it is withdrawn. Such tasks include the
    124. 

  124. maintenance of audit trails and the mounting of the user's home
    125. 

  125. directory. The
    126. 

  126. <emphasis remap='B'>session</emphasis>
    127. 

  127. management group is important as it provides both an opening and
    128. 

  128. closing hook for modules to affect the services available to a user.</para>
    129. 

  129. 

  130. </refsect1>
    131. 

  131. 

  132.   <refsect1 id='pam8-files'>
    133. 

  133.     <title>FILES</title>
    134. 

  134.     <variablelist>
    135. 

  135.       <varlistentry>
    136. 

  136.         <term><filename>/etc/pam.conf</filename></term>
    137. 

  137.         <listitem>
    138. 

  138.           <para>the configuration file</para>
    139. 

  139.         </listitem>
    140. 

  140.       </varlistentry>
    141. 

  141.       <varlistentry>
    142. 

  142.         <term><filename>/etc/pam.d</filename></term>
    143. 

  143.         <listitem>
    144. 

  144.           <para>
    145. 

  145.             the <emphasis remap='B'>Linux-PAM</emphasis> configuration
    146. 

  146.             directory. Generally, if this directory is present, the
    147. 

  147.             <filename>/etc/pam.conf</filename> file is ignored.
    148. 

  148.           </para>
    149. 

  149.         </listitem>
    150. 

  150.       </varlistentry>
    151. 

  151.       <varlistentry>
    152. 

  152.         <term><filename>/usr/lib/pam.d</filename></term>
    153. 

  153.         <listitem>
    154. 

  154.           <para>
    155. 

  155.             the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration
    156. 

  156.             directory. Files in <filename>/etc/pam.d</filename> override
    157. 

  157.             files with the same name in this directory.
    158. 

  158.           </para>
    159. 

  159.         </listitem>
    160. 

  160.       </varlistentry>
    161. 

  161.       <varlistentry>
    162. 

  162.         <term><filename>%vendordir%/pam.d</filename></term>
    163. 

  163.         <listitem>
    164. 

  164.           <para>
    165. 

  165.             the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration
    166. 

  166. 	    directory. Files in <filename>/etc/pam.d</filename> and
    167. 

  167. 	    <filename>/usr/lib/pam.d</filename> override files with the same
    168. 

  168. 	    name in this directory. Only available if Linux-PAM was compiled
    169. 

  169. 	    with vendordir enabled.
    170. 

  170.           </para>
    171. 

  171.         </listitem>
    172. 

  172.       </varlistentry>
    173. 

  173.     </variablelist>
    174. 

  174.   </refsect1>
    175. 

  175. 

  176.   <refsect1 id='pam8-errors'>
    177. 

  177.     <title>ERRORS</title>
    178. 

  178.     <para>
    179. 

  179.       Typically errors generated by the
    180. 

  180.       <emphasis remap='B'>Linux-PAM</emphasis> system of libraries, will
    181. 

  181.       be written to <citerefentry>
    182. 

  182.       <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
    183. 

  183.       </citerefentry>.
    184. 

  184.     </para>
    185. 

  185.   </refsect1>
    186. 

  186. 

  187.   <refsect1 id='pam8-conforming_to'>
    188. 

  188.     <title>CONFORMING TO</title>
    189. 

  189.     <para>
    190. 

  190.       DCE-RFC 86.0, October 1995.
    191. 

  191.       Contains additional features, but remains backwardly compatible
    192. 

  192.       with this RFC.
    193. 

  193.     </para>
    194. 

  194.   </refsect1>
    195. 

  195. 

  196.   <refsect1 id='pam8-see_also'>
    197. 

  197.     <title>SEE ALSO</title>
    198. 

  198.     <para>
    199. 

  199.       <citerefentry>
    200. 

  200.         <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
    201. 

  201.       </citerefentry>,
    202. 

  202.       <citerefentry>
    203. 

  203.         <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
    204. 

  204.       </citerefentry>,
    205. 

  205.       <citerefentry>
    206. 

  206.         <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
    207. 

  207.       </citerefentry>,
    208. 

  208.       <citerefentry>
    209. 

  209.         <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
    210. 

  210.       </citerefentry>,
    211. 

  211.       <citerefentry>
    212. 

  212.         <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
    213. 

  213.       </citerefentry>
    214. 

  214.     </para>
    215. 

  215.   </refsect1>
    216. 

  216. </refentry>
    217.