pam.conf: clarity within the storm
Geez, what a mystery this little file can be. It's also the second half of my presentation topics around Native LDAP for CEC this year. The pam.conf file is affected by what services and values are supported, by whether the service supports Name Switching Services (NSS) through the nsswitch.conf file, or by the libraries supporting PAM (Pluggable Authentication Modules).
My topics include a brief discussion on services and NSS and how they interact with PAM.
I spend some time discussing "modules" and "stacks" and how they work in PAM.
I spend a little time with the components of a module -- outlining them, defining them, etc.
A module (in a line) contains up to 5 items: service, module type, control flags, module path, and options.
I spend a lot of time with control flags (optional, binding, requisite, required, and sufficient). Each control flag processes a "success" and a "failure" differently and, as a result, affects how that module integrates with the other modules in the same stack.
I also spend some time with the options (debug, server_policy, try_first_pass, and use_first_pass). As with modules, these options can affect the operation of the stack.
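To make the control-flag behaviour concrete, here is an added example (not from the original post or the presentation) that parses five-item pam.conf lines and walks one stack. It assumes the control-flag rules documented in Solaris pam.conf(4); the function names, return-code strings and sample stack are constructed for illustration, and `include`, the `other` service fallback and line continuation are not modelled.

```python
# Simplified model of pam.conf stack evaluation. Assumption: control-flag
# rules follow Solaris pam.conf(4); the post does not spell them out.
SUCCESS, IGNORE = "PAM_SUCCESS", "PAM_IGNORE"
FLAGS = {"required", "requisite", "sufficient", "optional", "binding"}

def parse_line(line):
    """Split one entry into service, module type, control flag, path, options."""
    f = line.split()
    if len(f) < 4 or f[2] not in FLAGS:
        raise ValueError("bad pam.conf entry: %r" % line)
    return {"service": f[0], "type": f[1], "flag": f[2],
            "path": f[3], "options": f[4:]}

def run_stack(conf, service, mtype, results):
    """results maps module path -> constructed return code (default: ignore).
    Returns (final code, module paths actually called)."""
    required_fail = optional_fail = None
    succeeded, called = False, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        e = parse_line(line)
        if (e["service"], e["type"]) != (service, mtype):
            continue
        called.append(e["path"])
        rc = results.get(e["path"], IGNORE)
        if rc == IGNORE:                         # neither success nor failure
            continue
        if rc == SUCCESS:
            succeeded = True
            # sufficient/binding end the stack unless a required module failed
            if e["flag"] in ("sufficient", "binding") and required_fail is None:
                return SUCCESS, called
        elif e["flag"] == "requisite":           # stop at once on failure
            return required_fail or rc, called
        elif e["flag"] in ("required", "binding"):
            required_fail = required_fail or rc  # keep first, keep going
        else:                                    # optional or sufficient
            optional_fail = optional_fail or rc
    if required_fail:
        return required_fail, called
    if succeeded:
        return SUCCESS, called
    return optional_fail or "PAM_DEFAULT_ERROR", called  # placeholder default

# Constructed sample stack for illustration only.
SAMPLE = """
login auth requisite pam_authtok_get.so.1
login auth required  pam_dhkeys.so.1
login auth binding   pam_unix_auth.so.1 server_policy
login auth required  pam_ldap.so.1
"""
```

Feeding it different per-module results shows why ordering matters: a binding success ends the stack before pam_ldap is consulted, while a binding failure is recorded as a required failure that a later success cannot undo.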
My takeaways from the class will include deployment examples, some notes, a detailed commentary on PAM stack processing, and hopefully a little enlightenment.
( Feb 24 2005, 10:39:10 AM CST )


Posted by bbr on February 24, 2005 at 11:54 AM CST #
Posted by James Dickens on June 08, 2005 at 01:53 PM CDT #