8) the PAM Authentication Module provides authentication information to applications through the PAM library.
9) after the authentication is completed, the application has two options:
Grant the required permissions to the user and notify the user.
The authentication fails and the user is notified.
The PAM workflow is shown in Figure 1.
Figure 1 PAM Workflow
PAM usage:
#cd /usr/src/redhat/SOURCES/srp-2.1.1/base/pam_eps.#install -m 644 pam_eps_auth.so pam_eps_passwd.so /lib/security |
The above command installs the PAM module in the/lib/security directory. Run the "/usr/local/bin/tconf" command to create the/etc/tpasswd and/etc/tpasswd. conf files.
2. Use the eps pam module for password verification
1) first back up the/etc/pam. d/system-auth file
2) modify the/etc/pam. d/system-auth file in the following format:
auth required /lib/security/pam_unix.so likeauthnullok md5 shadowauth sufficient /lib/security/pam_eps_auth.soauth required /lib/security/pam_deny.soaccount sufficient /lib/security/pam_unix.soaccount required /lib/security/pam_deny.sopassword required /lib/security/pam_cracklib.so retry=3password required /lib/security/pam_eps_passwd.sopassword sufficient /lib/security/pam_unix.sonullok use_authtok md5 shadowpassword required /lib/security/pam_deny.sosession required /lib/security/pam_limits.sosession required /lib/security/pam_unix.so |
Note that the first line in bold indicates that the PAM eps_auth module can meet the authentication requirements. The second line in bold indicates that the pam_eps_passwd.so module of PAM is used for password management.
3) convert the standard password to the EPS format
4) The pam_eps_passwd.so module of the/etc/pam. d/system-auth configuration file writes the password verification string of the EPS version to the/etc/tpasswd file. Modify the/etc/pam. dpasswd file in the following format:
auth required /lib/security/pam_stack.soservice=system-authaccount required /lib/security/pam_stack.soservice=system-authpassword required /lib/security/pam_stack.soservice=system-auth |