path: root/doc/man/PAM.8
diff options
Diffstat (limited to 'doc/man/PAM.8')
1 files changed, 0 insertions, 103 deletions
diff --git a/doc/man/PAM.8 b/doc/man/PAM.8
deleted file mode 100644
index 112ea7d7..00000000
--- a/doc/man/PAM.8
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" Title: pam
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <>
-.\" Date: 06/27/2006
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
-.TH "PAM" "8" "06/27/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-.\" disable hyphenation
-.\" disable justification (adjust text to left margin only) l
-PAM, pam \- Pluggable Authentication Modules for Linux
-This manual is intended to offer a quick introduction to
-\fBLinux\-PAM\fR. For more information the reader is directed to the
-\fBLinux\-PAM system administrators' guide\fR.
-is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
-\fBsu\fR(1)) defer to to perform standard authentication tasks.
-The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users. This dynamic configuration is set by the contents of the single
-configuration file
-\fI/etc/pam.conf\fR. Alternatively, the configuration can be set by individual configuration files located in the
-directory. The presence of this directory will cause
-From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the
-library. The important point to recognize is that the configuration file(s)
-the connection between applications
-(\fBservices\fR) and the pluggable authentication modules
-(\fBPAM\fRs) that perform the actual authentication tasks.
-separates the tasks of
-into four independent management groups:
-\fBauth\fRentication management;
-management; and
-management. (We highlight the abbreviations used for these groups in the configuration file.)
-Simply put, these groups take care of different aspects of a typical user's request for a restricted service:
-\- provide account verification types of service: has the user's password expired?; is this user permitted access to the requested service?
-\fBauth\fRentication \- authenticate a user and set up user credentials. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of
-\- this group's responsibility is the task of updating authentication mechanisms. Typically, such services are strongly coupled to those of the
-group. Some authentication mechanisms lend themselves well to being updated with such a function. Standard UN*X password\-based access is the obvious example: please enter a replacement password.
-\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn. Such tasks include the maintenance of audit trails and the mounting of the user's home directory. The
-management group is important as it provides both an opening and closing hook for modules to affect the services available to a user.
-.TP 3n
-the configuration file
-.TP 3n
-configuration directory. Generally, if this directory is present, the
-file is ignored.
-Typically errors generated by the
-system of libraries, will be written to
-DCE\-RFC 86.0, October 1995. Contains additional features, but remains backwardly compatible with this RFC.