3. Establish an index password system EPS
EPS Full name: Exponential Password System index Password System), the SRP package contains the source code of the EPS.
1. Install the PAM module
PAM introduction:
PAM Full name: Pluggable Authentication Module embedded Authentication Module ). It was initially developed by SUN and soon accepted by the Linux community and developed more modules. The goal is to provide a set of function libraries that can be used to authenticate user identities, thus separating authentication from application development. Linux-PAM handles four independent management tasks. They are: authentication management, account management, session management, and password management.
PAM working method:
1) call an application to obtain the service of the application.
2) The PAM application calls the background PAM library for authentication.
3) The PAM library searches for configuration files related to application details in the/etc/pam. d/directory, which tells PAM what authentication mechanism is used by the application.
4) The PAM library loads the required authentication module.
5) These modules allow PAM to communicate with Session functions in the application.
6) The session function asks the user for relevant information.
7) The user responds to these requirements and provides the required information.
8) the PAM Authentication Module provides authentication information to applications through the PAM library.
9) after the authentication is completed, the application has two options:
Grant the required permissions to the user and notify the user.
The authentication fails and the user is notified.
PAM usage:
#cd /usr/src/redhat/SOURCES/srp-2.1.1/base/pam_eps. #install -m 644 pam_eps_auth.so pam_eps_passwd.so /lib/security |
The above command installs the PAM module in the/lib/security directory. Run the "/usr/local/bin/tconf" command to create the/etc/tpasswd and/etc/tpasswd. conf files.
2. Use the eps pam module for password verification
1) first back up the/etc/pam. d/system-auth file
2) modify the/etc/pam. d/system-auth file in the following format:
auth required /lib/security/pam_unix.so likeauth nullok md5 shadow auth sufficient /lib/security/pam_eps_auth.so auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_unix.so account required /lib/security/pam_deny.so password required /lib/security/pam_cracklib.so retry=3 password required /lib/security/pam_eps_passwd.so password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so |