Date: Sat, 29 Dec 2001 13:50:02 -0600 (CST) From: Nick Rogness <nick@rogness.net> To: Noah Davidson <Noah@oopz.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: PAM Message-ID: <Pine.BSF.4.21.0112291337540.13502-100000@cody.jharris.com> In-Reply-To: <A6A82340FB3DB643A0678E3B10CD5AC10297B7@xela.oopz.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Dec 2001, Noah Davidson wrote: > I have been reading about PAM. I am completely confused how PAM can > authenticate users. We now have users in the standard Unix password > file. The server that I am looking into implementing this on is a > sendmail server. the biggest question is how can the users > authenticate? Does PAM authenticate the users, or does PAM use > something else to actually authenticate like mysql. Can someone > please help me, also can someone point me somewhere I can get this > kind of information? PAM by itself can not authenticate users. The Application must make a call to PAM for authentication and look at the response to see if it is successfull. It kinda works like this: 1) Application sends authentication request to PAM (including username/password/etc) 2) A PAM module, configured in /etc/pam.conf for the app, tries to authenticate them using the method specified for the module, eg pam_mysql.so uses MySQL, pam_unix.so uses unix password file, etc. 3) If the PAM module (in above step) is successful, it returns PAM_SUCCESS flag back to the application. Otherwise it returns a PAM error. 4) The application must look at the returned flag to see if it is PAM_SUCCESS or error and take appropriate action. For more information checkout: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/ Nick Rogness <nick@rogness.net> - Don't mind me...I'm just sniffing your packets To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0112291337540.13502-100000>