diff options
Diffstat (limited to 'doc/man/pam.8.xml')
-rw-r--r-- | doc/man/pam.8.xml | 186 |
1 files changed, 0 insertions, 186 deletions
diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml deleted file mode 100644 index 1267f01c..00000000 --- a/doc/man/pam.8.xml +++ /dev/null @@ -1,186 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - -<refentry id='pam8'> - - <refmeta> - <refentrytitle>pam</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id='pam8-name'> - <refname>PAM</refname> - <refname>pam</refname> - <refpurpose>Pluggable Authentication Modules for Linux</refpurpose> - </refnamediv> - - <refsect1 id='pam8-description'> - <title>DESCRIPTION</title> - <para> - This manual is intended to offer a quick introduction to - <emphasis remap='B'>Linux-PAM</emphasis>. For more information - the reader is directed to the - <emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>. - </para> - - <para> - <emphasis remap='B'>Linux-PAM</emphasis> is a system of libraries - that handle the authentication tasks of applications (services) on - the system. The library provides a stable general interface - (Application Programming Interface - API) that privilege granting - programs (such as <citerefentry> - <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> and <citerefentry> - <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>) defer to to perform standard authentication tasks. - </para> - - <para> - The principal feature of the PAM approach is that the nature of the - authentication is dynamically configurable. In other words, the - system administrator is free to choose how individual - service-providing applications will authenticate users. This dynamic - configuration is set by the contents of the single - <emphasis remap='B'>Linux-PAM</emphasis> configuration file - <filename>/etc/pam.conf</filename>. Alternatively, the configuration - can be set by individual configuration files located in the - <filename>/etc/pam.d/</filename> directory. The presence of this - directory will cause <emphasis remap='B'>Linux-PAM</emphasis> to - <emphasis remap='I'>ignore</emphasis> - <filename>/etc/pam.conf</filename>. - </para> - - -<para>From the point of view of the system administrator, for whom this -manual is provided, it is not of primary importance to understand the -internal behavior of the -<emphasis remap='B'>Linux-PAM</emphasis> -library. The important point to recognize is that the configuration -file(s) -<emphasis remap='I'>define</emphasis> -the connection between applications -<emphasis remap='B'></emphasis>(<emphasis remap='B'>services</emphasis>) -and the pluggable authentication modules -<emphasis remap='B'></emphasis>(<emphasis remap='B'>PAM</emphasis>s) -that perform the actual authentication tasks.</para> - - -<para><emphasis remap='B'>Linux-PAM</emphasis> -separates the tasks of -<emphasis remap='I'>authentication</emphasis> -into four independent management groups: -<emphasis remap='B'>account</emphasis> management; -<emphasis remap='B'>auth</emphasis>entication management; -<emphasis remap='B'>password</emphasis> management; -and -<emphasis remap='B'>session</emphasis> management. -(We highlight the abbreviations used for these groups in the -configuration file.)</para> - - -<para>Simply put, these groups take care of different aspects of a typical -user's request for a restricted service:</para> - - -<para><emphasis remap='B'>account</emphasis> - -provide account verification types of service: has the user's password -expired?; is this user permitted access to the requested service?</para> - -<!-- .br --> -<para><emphasis remap='B'>auth</emphasis>entication - -authenticate a user and set up user credentials. Typically this is via -some challenge-response request that the user must satisfy: if you are -who you claim to be please enter your password. Not all authentications -are of this type, there exist hardware based authentication schemes -(such as the use of smart-cards and biometric devices), with suitable -modules, these may be substituted seamlessly for more standard -approaches to authentication - such is the flexibility of -<emphasis remap='B'>Linux-PAM</emphasis>.</para> - -<!-- .br --> -<para><emphasis remap='B'>password</emphasis> - -this group's responsibility is the task of updating authentication -mechanisms. Typically, such services are strongly coupled to those of -the -<emphasis remap='B'>auth</emphasis> -group. Some authentication mechanisms lend themselves well to being -updated with such a function. Standard UN*X password-based access is -the obvious example: please enter a replacement password.</para> - -<!-- .br --> -<para><emphasis remap='B'>session</emphasis> - -this group of tasks cover things that should be done prior to a -service being given and after it is withdrawn. Such tasks include the -maintenance of audit trails and the mounting of the user's home -directory. The -<emphasis remap='B'>session</emphasis> -management group is important as it provides both an opening and -closing hook for modules to affect the services available to a user.</para> - -</refsect1> - - <refsect1 id='pam8-files'> - <title>FILES</title> - <variablelist> - <varlistentry> - <term><filename>/etc/pam.conf</filename></term> - <listitem> - <para>the configuration file</para> - </listitem> - </varlistentry> - <varlistentry> - <term><filename>/etc/pam.d</filename></term> - <listitem> - <para> - the <emphasis remap='B'>Linux-PAM</emphasis> configuration - directory. Generally, if this directory is present, the - <filename>/etc/pam.conf</filename> file is ignored. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam8-errors'> - <title>ERRORS</title> - <para> - Typically errors generated by the - <emphasis remap='B'>Linux-PAM</emphasis> system of libraries, will - be written to <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - </refsect1> - - <refsect1 id='pam8-conforming_to'> - <title>CONFORMING TO</title> - <para> - DCE-RFC 86.0, October 1995. - Contains additional features, but remains backwardly compatible - with this RFC. - </para> - </refsect1> - - <refsect1 id='pam8-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> -</refentry> |