[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-isp
Subject:    Re: PAM
From:       Nick Rogness <nick () rogness ! net>
Date:       2001-12-29 19:50:02
[Download RAW message or body]

On Fri, 28 Dec 2001, Noah Davidson wrote:

> I have been reading about PAM.  I am completely confused how PAM can
> authenticate users.  We now have users in the standard Unix password
> file.  The server that I am looking into implementing this on is a
> sendmail server.  the biggest question is how can the users
> authenticate?  Does PAM authenticate the users, or does PAM use
> something else to actually authenticate like mysql.  Can someone
> please help me, also can someone point me somewhere I can get this
> kind of information?

	PAM by itself can not authenticate users.  The Application must
	make a call to PAM for authentication and look at the response to
	see if it is successfull.  It kinda works like this:

	1) Application sends authentication request to PAM (including
	   username/password/etc)

	2) A PAM module, configured in /etc/pam.conf for the app, tries to
	   authenticate them using the method specified for the module, eg
	   pam_mysql.so uses MySQL, pam_unix.so uses unix password file, 
	   etc.

	3) If the PAM module (in above step) is successful, it returns
	   PAM_SUCCESS flag back to the application.  Otherwise it returns
	   a PAM error.

	4) The application must look at the returned flag to see if it is
	   PAM_SUCCESS or error and take appropriate action.


	For more information checkout:

	http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/


Nick Rogness <nick@rogness.net>
 - Don't mind me...I'm just sniffing your packets


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
[prev in list] [next in list] [prev in thread] [next in thread]