Date: Tue, 10 Oct 2000 15:47:37 +0700 (NSS) From: Max Khon <fjoe@iclub.nsu.ru> To: Richard Jones <orinoki@yahoo.com> Cc: FreeBSD-Security <freebsd-security@FreeBSD.ORG> Subject: Re: PAM help needed Message-ID: <Pine.BSF.4.21.0010101528120.39921-100000@iclub.nsu.ru> In-Reply-To: <092701c03299$2e617d60$2600a8c0@ori>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, there! On Tue, 10 Oct 2000, Richard Jones wrote: > Let's see if I understand exactly how PAM works: > According to what was configured to it, PAM authenticates user trying > to enter the machine. > In order to support the PAM control on user's authentication to the > machine, there are 2 groups of applications. > group 1: Those that are responsible for authenticating users (such > as: login, sshd, su, and others), are supposed to have a section > (probably ifdefed) that uses PAM to authenticate the user instead of the > standard way it uses. For instance: login can use something other then > the usual unix password to authenticate users. > > group 2: Those that are responsible for the actual authentication (such > as: simple unix, radius, tacplus, etc.). This application don't require > the libpam module support. The libpam itself looks very good, with a lot > of useful modules (unix, radius, tacplus, skey, kerberos, ssh, etc.). actually there are applications that can authenticate via PAM (group 1) using libpam. The method of authentication is controlled via /etc/pam.conf. libpam reads this file and loads appropriate PAM modules that do authentication. Each PAM module does authentication in its own way. It is possible, for example, to use smb server, or to use RADIUS server for this. > After walking through the FreeBSD sources I saw that: > 1. none of the first group applications (except: login) has the support > for PAM authentication (ifdefed). login is built with PAM by default. ftpd also has PAM support > My questions are: > a. Is any of my assumptions/conclusions wrong? > b. Is there any work done on the subject to fix it? > c. How stable is PAM on FreeBSD? > d. Any known problems that you know from your experience? I do not know of any problems with PAM under FreeBSD. Seems that FreeBSD PAM library is taken without any significant modifications from Linux PAM 0.65 distribution. PAM modules were written from scratch by John Polstra <jdp@freebsd.org>. I think you can ask Mark Murray <markm@freebsd.org> about PAM support in FreeBSD. /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010101528120.39921-100000>