This article was written for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.

FreeBSD is a registered trademark of the FreeBSD Foundation. Linux is a registered trademark of Linus Torvalds. Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries. Sun, Sun Microsystems, Java, Java Virtual Machine, JDK, JRE, JSP, JVM, Netra, OpenJDK, Solaris, StarOffice, SunOS and VirtualBox are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.

account: The set of credentials the applicant is requesting from the arbitrator.

applicant: The user or entity requesting authentication.

arbitrator: The user or entity who has the privileges necessary to verify the applicant’s credentials and the authority to grant or deny the request.

chain: A sequence of modules that will be invoked in response to a PAM request. The chain includes information about the order in which to invoke the modules, what arguments to pass to them, and how to interpret the results.

client: The application responsible for initiating an authentication request on behalf of the applicant and for obtaining the necessary authentication information from him.

facility: One of the four basic groups of functionality provided by PAM: authentication, account management, session management and authentication token update.

module: A collection of one or more related functions implementing a particular authentication facility, gathered into a single (normally dynamically loadable) binary file and identified by a single name.

policy: The complete set of configuration statements describing how to handle PAM requests for a particular service. A policy normally consists of four chains, one for each facility, though some services do not use all four facilities.

server: The application acting on behalf of the arbitrator to converse with the client, retrieve authentication information, verify the applicant’s credentials and grant or deny requests.

service: A class of servers providing similar or related functionality and requiring similar authentication. PAM policies are defined on a per-service basis, so all servers that claim the same service name will be subject to the same policy.

session: The context within which service is rendered to the applicant by the server. One of PAM’s four facilities, session management, is concerned exclusively with setting up and tearing down this context.

token: A chunk of information associated with the account, such as a password or passphrase, which the applicant must provide to prove his identity.