[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-isp
Subject: Re: PAM
From: Nick Rogness <nick () rogness ! net>
Date: 2001-12-29 19:50:02
[Download RAW message or body]
On Fri, 28 Dec 2001, Noah Davidson wrote:
> I have been reading about PAM. I am completely confused how PAM can
> authenticate users. We now have users in the standard Unix password
> file. The server that I am looking into implementing this on is a
> sendmail server. the biggest question is how can the users
> authenticate? Does PAM authenticate the users, or does PAM use
> something else to actually authenticate like mysql. Can someone
> please help me, also can someone point me somewhere I can get this
> kind of information?
PAM by itself can not authenticate users. The Application must
make a call to PAM for authentication and look at the response to
see if it is successfull. It kinda works like this:
1) Application sends authentication request to PAM (including
username/password/etc)
2) A PAM module, configured in /etc/pam.conf for the app, tries to
authenticate them using the method specified for the module, eg
pam_mysql.so uses MySQL, pam_unix.so uses unix password file,
etc.
3) If the PAM module (in above step) is successful, it returns
PAM_SUCCESS flag back to the application. Otherwise it returns
a PAM error.
4) The application must look at the returned flag to see if it is
PAM_SUCCESS or error and take appropriate action.
For more information checkout:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/
Nick Rogness <nick@rogness.net>
- Don't mind me...I'm just sniffing your packets
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic