Home > Articles > Programming > Android

Been Cracked? Just Put PAM On It!

  • Print
  • + Share This
Pluggable authentication models (PAM) allow you to configure your Linux environment with the level of security you deem necessary. This chapter from Linux System Security describes PAM and its configuration, looks at some available PAM models, and discusses several examples of PAM in use.

Pluggable Authentication Modules

Although pluggable authentication modules (PAM) cannot protect your system after it has been compromised, it can certainly help prevent the compromise to begin with. It does this through a highly configurable authentication scheme. For example, conventionally UNIX users authenticate themselves by supplying a password at the password prompt after they have typed in their username at the login prompt. In many circumstances, such as internal access to workstations, this simple form of authentication is considered sufficient. In other cases, more information is warranted. If a user wants to log in to an internal system from an external source, like the Internet, more or alternative information may be required—perhaps a one-time password. PAM provides this type of capability and much more. Most important, PAM modules allow you to configure your environment with the necessary level of security.

This chapter describes the use of pluggable authentication modules for Linux (Linux-PAM or just PAM1), as distributed with Red Hat 5.2/6.0, which provides a lot of authentication, logging, and session management flexibility. We generally describe PAM and its configuration, take a look at many of the available PAM modules, 2 and consider a number of examples.

Most recent Linux distributions include PAM. If your version does not, check out the web site:


There you will find source code and documentation. It is well worth the effort to download, compile, and integrate PAM into your system.

PAM provides a centralized mechanism for authenticating all services. It applies to login, remote logins (telnet and rlogin or rsh), ftp, Point-to-Point Protocol (PPP), and su, among others. It allows for limits on access of applications, limits of user access to specific time periods, alternate authentication methods, additional logging, and much more. In fact, PAM may be used for any Linux application! Cool! Let's see how it works.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.