path: root/doc/man/PAM.8
diff options
authorThorsten Kukuk <>2006-03-12 21:29:44 +0000
committerThorsten Kukuk <>2006-03-12 21:29:44 +0000
commit9569b246d900234c4276c46181147c24e5a6ec43 (patch)
tree30f38c358f104fd3835849c47506463902ba5ae6 /doc/man/PAM.8
parentd1623a3eec7265ad6be1b13292d19718d7816478 (diff)
Relevant BUGIDs:
Purpose of commit: new feature Commit summary: --------------- More manual pages 2006-03-12 Thorsten Kukuk <> * doc/man/ Add new manual pages. * doc/man/pam.conf.5.xml: Replace link with content of PAM admin guide. * doc/man/pam.conf.5: Regenerated from XML file. * doc/man/pam_info.3.xml: New. * doc/man/pam_info.3: New, generated from XML file. * doc/man/pam_vinfo.3: New, generated from XML file. * doc/man/pam_conv.3.xml: New. * doc/man/pam_conv.3: New, generated from XML file. * doc/man/pam_putenv.3.xml: New. * doc/man/pam_putenv.3: New, generated from XML file. * doc/man/pam_getenv.3.xml: New. * doc/man/pam_getenv.3: New, generated from XML file. * doc/man/pam_getenvlist.3.xml: New. * doc/man/pam_getenvlist.3: New, generated from XML file.
Diffstat (limited to 'doc/man/PAM.8')
1 files changed, 99 insertions, 0 deletions
diff --git a/doc/man/PAM.8 b/doc/man/PAM.8
new file mode 100644
index 00000000..3622ef7e
--- /dev/null
+++ b/doc/man/PAM.8
@@ -0,0 +1,99 @@
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "PAM" "8" "03/12/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.\" disable justification (adjust text to left margin only) l
+PAM, pam \- Pluggable Authentication Modules for Linux
+This manual is intended to offer a quick introduction to
+\fILinux\-PAM\fR. For more information the reader is directed to the
+\fILinux\-PAM system administrators' guide\fR.
+Is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
+\fBsu\fR(1)) defer to to perform standard authentication tasks.
+The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users. This dynamic configuration is set by the contents of the single
+configuration file
+\fI/etc/pam.conf\fR. Alternatively, the configuration can be set by individual configuration files located in the
+\fIThe presence of this directory will cause \fR\fILinux\-PAM\fR\fI to ignore\fR\fI/etc/pam.conf\fR.
+From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the
+library. The important point to recognize is that the configuration file(s)
+the connection between applications
+(\fIservices\fR) and the pluggable authentication modules
+(\fIPAM\fRs) that perform the actual authentication tasks.
+separates the tasks of
+into four independent management groups:
+\fIauth\fRentication management;
+management; and
+management. (We highlight the abbreviations used for these groups in the configuration file.)
+Simply put, these groups take care of different aspects of a typical user's request for a restricted service:
+\- provide account verification types of service: has the user's password expired?; is this user permitted access to the requested service?
+\fIauth\fRentication \- authenticate a user and set up user credentials. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of
+\- this group's responsibility is the task of updating authentication mechanisms. Typically, such services are strongly coupled to those of the
+group. Some authentication mechanisms lend themselves well to being updated with such a function. Standard UN*X password\-based access is the obvious example: please enter a replacement password.
+\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn. Such tasks include the maintenance of audit trails and the mounting of the user's home directory. The
+management group is important as it provides both an opening and closing hook for modules to affect the services available to a user.
+\- the configuration file\fI/etc/pam.d/\fR
+\- the
+configuration directory. Generally, if this directory is present, the
+file is ignored.\fI/lib/\fR
+\- the dynamic library\fI/lib/security/*.so\fR
+\- the PAMs
+Typically errors generated by the
+system of libraries, will be written to
+DCE\-RFC 86.0, October 1995.Contains additional features, but remains backwardly compatible with this RFC.
+None known.
+The three
+Guides, for
+\fIsystem administrators\fR,
+\fImodule developers\fR, and
+\fIapplication developers\fR.