Source string Read only

(itstool) path: section/title (itstool) id: article.translate.xml#pam-definitions.title

11/110
Context English State
This article describes the underlying principles and mechanisms of the Pluggable Authentication Modules (PAM) library, and explains how to configure PAM, how to integrate PAM into applications, and how to write PAM modules.
<year>2001</year> <year>2002</year> <year>2003</year> <holder>Networks Associates Technology, Inc.</holder>
<personname> <firstname>Dag-Erling</firstname> <surname>Smørgrav</surname> </personname> <contrib>Contributed by </contrib>
This article was written for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (<quote>CBOSS</quote>), as part of the DARPA CHATS research program.
FreeBSD is a registered trademark of the FreeBSD Foundation.
Linux is a registered trademark of Linus Torvalds.
Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries.
Sun, Sun Microsystems, Java, Java Virtual Machine, JDK, JRE, JSP, JVM, Netra, OpenJDK, Solaris, StarOffice, SunOS and VirtualBox are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the <quote>™</quote> or the <quote>®</quote> symbol.
$FreeBSD: head/en_US.ISO8859-1/articles/pam/article.xml 54299 2020-06-27 18:15:55Z carlavilla $
Introduction
The Pluggable Authentication Modules (PAM) library is a generalized API for authentication-related services which allows a system administrator to add new authentication methods simply by installing new PAM modules, and to modify authentication policies by editing configuration files.
PAM was defined and developed in 1995 by Vipin Samar and Charlie Lai of Sun Microsystems, and has not changed much since. In 1997, the Open Group published the X/Open Single Sign-on (XSSO) preliminary specification, which standardized the PAM API and added extensions for single (or rather integrated) sign-on. At the time of this writing, this specification has not yet been adopted as a standard.
Although this article focuses primarily on FreeBSD 5.x, which uses OpenPAM, it should be equally applicable to FreeBSD 4.x, which uses Linux-PAM, and other operating systems such as Linux and <trademark>Solaris</trademark>.
Terms and Conventions
Definitions
The terminology surrounding PAM is rather confused. Neither Samar and Lai's original paper nor the XSSO specification made any attempt at formally defining terms for the various actors and entities involved in PAM, and the terms that they do use (but do not define) are sometimes misleading and ambiguous. The first attempt at establishing a consistent and unambiguous terminology was a whitepaper written by Andrew G. Morgan (author of Linux-PAM) in 1999. While Morgan's choice of terminology was a huge leap forward, it is in this author's opinion by no means perfect. What follows is an attempt, heavily inspired by Morgan, to define precise and unambiguous terms for all actors and entities involved in PAM.
account
The set of credentials the applicant is requesting from the arbitrator.
applicant
The user or entity requesting authentication.
arbitrator
The user or entity who has the privileges necessary to verify the applicant's credentials and the authority to grant or deny the request.
chain
A sequence of modules that will be invoked in response to a PAM request. The chain includes information about the order in which to invoke the modules, what arguments to pass to them, and how to interpret the results.
client
The application responsible for initiating an authentication request on behalf of the applicant and for obtaining the necessary authentication information from him.
facility
One of the four basic groups of functionality provided by PAM: authentication, account management, session management and authentication token update.
module
A collection of one or more related functions implementing a particular authentication facility, gathered into a single (normally dynamically loadable) binary file and identified by a single name.
ComponentTranslation
This translation Translated FreeBSD Doc/articles_pam Definitions
The following string has the same context and source.
Translated FreeBSD Doc/books_dev-model Definitions

Loading…

No matching activity found.

Browse all component changes

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment

(itstool) path: section/title (itstool) id: article.translate.xml#pam-definitions.title

Flags
read-only
Source string location
article.translate.xml:124
String age
a year ago
Source string age
a year ago
Translation file
articles/pam.pot, string 18