Translator credits: Nilton José Rizzo aka rizzo@rizzo.eng.br
Edson Brandi, ebrandi@FreeBSD.org, 2018
Silvio Ap Silva, contato@kanazuchi.com, 2018
<year>2001</year> <year>2002</year> <year>2003</year> <holder>Networks Associates Technology, Inc.</holder>
<personname> <firstname>Dag-Erling</firstname> <surname>Smørgrav</surname> </personname> <contrib>Contributed by </contrib>
This article was written for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (<quote>CBOSS</quote>), as part of the DARPA CHATS research program.
FreeBSD is a registered trademark of the FreeBSD Foundation.
Linux is a registered trademark of Linus Torvalds.
Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries.
Sun, Sun Microsystems, Java, Java Virtual Machine, JDK, JRE, JSP, JVM, Netra, OpenJDK, Solaris, StarOffice, SunOS and VirtualBox are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
PAM was defined and developed in 1995 by Vipin Samar and Charlie Lai of Sun Microsystems, and has not changed much since. In 1997, the Open Group published the X/Open Single Sign-on (XSSO) preliminary specification, which standardized the PAM API and added extensions for single (or rather integrated) sign-on. At the time of this writing, this specification has not yet been adopted as a standard.
The terminology surrounding PAM is rather confused. Neither Samar and Lai's original paper nor the XSSO specification made any attempt at formally defining terms for the various actors and entities involved in PAM, and the terms that they do use (but do not define) are sometimes misleading and ambiguous. The first attempt at establishing a consistent and unambiguous terminology was a whitepaper written by Andrew G. Morgan (author of Linux-PAM) in 1999. While Morgan's choice of terminology was a huge leap forward, it is in this author's opinion by no means perfect. What follows is an attempt, heavily inspired by Morgan, to define precise and unambiguous terms for all actors and entities involved in PAM.
The user or entity requesting authentication.
The user or entity who has the privileges necessary to verify the applicant's credentials and the authority to grant or deny the request.
facility
<prompt>%</prompt> <userinput>whoami</userinput>
alice
<prompt>%</prompt> <userinput>ls -l `which su`</userinput>
-r-sr-xr-x 1 root wheel 10744 Dec 6 19:06 /usr/bin/su
<prompt>%</prompt> <userinput>su -</userinput>
Password: <userinput>xi3kiune</userinput>
<prompt>#</prompt> whoami
root
<prompt>%</prompt> <userinput>whoami</userinput>
eve
<prompt>%</prompt> <userinput>ssh bob@login.example.com</userinput>
bob@login.example.com's password: <userinput>god</userinput>
Last login: Thu Oct 11 09:52:57 2001 from 192.168.0.1
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.4-STABLE (LOGIN) #4: Tue Nov 27 18:10:34 PST 2001

Welcome to FreeBSD!
<prompt>%</prompt>
sshd auth required pam_nologin.so no_warn
sshd auth required pam_unix.so no_warn try_first_pass
sshd account required pam_login_access.so
sshd account required pam_unix.so
sshd session required pam_lastlog.so no_fail
sshd password required pam_permit.so
This policy applies to the <literal>sshd</literal> service (which is not necessarily restricted to the <citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> server.)
<filename>pam_nologin.so</filename>, <filename>pam_unix.so</filename>, <filename>pam_login_access.so</filename>, <filename>pam_lastlog.so</filename> and <filename>pam_permit.so</filename> are modules. It is clear from this example that <filename>pam_unix.so</filename> provides at least two facilities (authentication and account management.)
<literal>session</literal>
<literal>binding</literal>