

AVAILABLE PAM MODULES

Table 5.15 provides a list and brief description of many available PAM modules. Some come with the Red Hat (or other) distributions, while others require downloading. Those that come with Red Hat 5.2/6.0 are so noted (and may be found at http://www.redhat.com/); for all others, a web site is specified and an author, if known, is provided. If your system already supports these modules, they will be found in either /lib/security or /usr/lib/security. If you download and add one, make sure that you put it in the correct directory.

Table 5.15 Overview of PAM Modules

| Module | Availability | Description |
|---|---|---|
| pam_access | Red Hat 5.2/6.0 | Reads the file /etc/security/access.conf to determine whether the user/tty or user/host pair is to be granted or denied access. |
| pam_console | Red Hat 6.0 or publicly available | Sets up permissions and device ownership when logging in at a physical console device. Expects the /etc/security/console.perms file for permission and ownership parameters; expects the /etc/security/console.apps/ directory for services. Supports auth required and session optional module type/control flag pairs. |
| pam_cracklib | Red Hat 5.2/6.0 | Supports only password module type. Used for checking password choices against the cracklib and disallows any choices found there. |
| pam_deny | Red Hat 5.2/6.0 | Supports all module types. Always returns a failure. |
| pam_env | Red Hat 5.2/6.0 | Supports auth module type only. Uses the /etc/security/pam_env.conf file to set shell environment variables. |
| pam_filter | Red Hat 5.2/6.0 | Supports all module types. This module offers the capability of capturing as much as every keystroke of a session. Requires a filter program, not included. |
| pam_ftp | Red Hat 5.2/6.0 | Supports module type auth only. Implements anonymous ftp. |
| pam_group | Red Hat 5.2/6.0 | Supports module type auth only. Sets GID based upon /etc/security/group.conf file (syntax nearly identical to /etc/security/time.conf, which is discussed in The /etc/security/time.conf File on page 96). |
| pam_if | Publicly available | Supports all module types. A simple conditional used to manage stack execution behavior. Available from http://www.dcit.cz/~kan/pam/. This module is discussed in OPIE and PAM on page 143. |
| pam_lastlog | Red Hat 5.2/6.0 | Supports module type auth only. Used to control the display of last login information. |
| pam_limits | Red Hat 5.2/6.0 | Supports module type session only. Uses the /etc/security/limits.conf file to determine whether or not users may log in based on available system resources. |
| pam_listfile | Red Hat 5.2/6.0 | Supports module type auth only. Allows for the use of access control lists based on users, ttys, remote hosts, groups, and shells. |
| pam_mail | Red Hat 5.2/6.0 | Supports module type auth only. Provides the "You have new mail" service. |
| pam_nologin | Red Hat 5.2/6.0 | Supports module type auth only. Provides the check for the existence of the /etc/nologin file, which, if it exists, will display the contents of the file and fail auth. |
| pam_opie | Publicly available | Supports module type auth only. Presents an OPIE challenge and requires an OPIE one-time password. Available from http://www.tho.org/~andy/pam-opie.html. This module is discussed in OPIE and PAM on page 143. |
| pam_permit | Red Hat 5.2/6.0 | Supports all module types. Always returns success. |
| pam_pwdb | Red Hat 5.2/6.0 | Supports all module types. Replaces the pam_unix_* modules. Colocates authentication databases depending upon the /etc/pwdb.conf file. |
| pam_pwdfile | Publicly available | This module was announced as this book was in its final stages. It is an authentication-only module that allows for the specification of alternate password files. In this way you can configure separate passwords for various services. For example, you could have one set of usernames and passwords for IMAP and an entirely different set for everything else. You will find this module at http://espresso.ee.sun.ac.za/~cabotha/pam_pwdfile.html. |
| pam_radius | Red Hat 5.2/6.0 | Supports module type session only. Provides the session service for users authenticated through RADIUS. |
| pam_rhosts_auth | Red Hat 5.2/6.0 | Supports module type auth only. Provides for authentication through $HOME/.rhosts files. May be configured to allow or deny such authentication. |
| pam_rootok | Red Hat 5.2/6.0 | Supports module type auth only. Allows the root user access without requiring a password. Makes sense only when used with the sufficient control flag. |
| pam_securetty | Red Hat 5.2/6.0 | Supports module type auth only. Applies only to root. Checks to see if root is logging in from one of the devices listed in /etc/securetty. If so, it returns success; otherwise it fails. |
| pam_shells | Red Hat 5.2/6.0 | Supports module type auth only. Authenticates users if their default shell is listed in /etc/shells. |
| pam_stress | Red Hat 5.2/6.0 | This module is used for debugging and stress testing PAM-aware applications. |
| pam_tally | Red Hat 5.2/6.0 | Supports module type auth only. Keeps track of the number of login attempts made and can deny access based upon a specified number of failed attempts. |
| pam_time | Red Hat 5.2/6.0 | Supports module type account only. Restricts access based on user, tty, service, and time as specified in /etc/security/time.conf. |
| pam_tcpd | Publicly available | Supports module type auth only. Implements TCP_wrappers-style access control, logging, and functionality through /etc/hosts.allow and /etc/hosts.deny. TCP_wrappers is discussed in Chapter 10. The module is available from http://web.tis.calinet.it/macchese/pam/pam_tcpd.html. |
| pam_unix_acct, pam_unix_auth, pam_unix_passwd, pam_unix_session | Red Hat 5.2/6.0 | These modules provide similar functionality to pam_pwdb except that the authentication database is either /etc/passwd or NIS. |
| pam_unix-new | Publicly available | Incorporates the above four modules into one and implements many of the features of pam_pwdb. Available at ftp://hunter.mimuw.edu.pl/pub/users/baggins/PAM/. |
| pam_warn | Red Hat 5.2/6.0 | Supports module types auth and password only. This module generates a log message including the remote user and remote host (if available) through the syslog utility. |
| pam_wheel | Red Hat 5.2/6.0 | Supports module type auth only. Provides a way to restrict access to root to those users who are members of the wheel group. |
| pam_xauth | Red Hat 6.0 or publicly available | Supports module type session with control flag optional only. This module automatically passes X Window System magic cookies to other users (for example, through su), thus allowing effective UIDs to open X applications without requiring the use of the xhost command. |

