Introduction to the PAM Framework - Developer's Guide to Oracle® Solaris 11 Security

Developer's Guide to Oracle^® Solaris 11 Security

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Developer's Guide to Oracle^® ... » Writing PAM Applications and Services » Introduction to the PAM Framework

Updated: July 2014

Developer's Guide to Oracle^® Solaris 11 Security

Document Information

Using This Documentation

Chapter 1 Oracle Solaris Security for Developers (Overview)

Chapter 2 Developing Privileged Applications

Chapter 3 Writing PAM Applications and Services

Introduction to the PAM Framework

PAM Configuration

Writing Applications That Use PAM Services

Writing Conversation Functions

Writing Modules That Provide PAM Services

Chapter 4 Writing Applications That Use GSS-API

Chapter 5 GSS-API Client Example

Chapter 6 GSS-API Server Example

Chapter 7 Writing Applications That Use SASL

Chapter 8 Introduction to the Oracle Solaris Cryptographic Framework

Chapter 9 Writing User???Level Cryptographic Applications

Chapter 10 Introduction to the Oracle Solaris Key Management Framework

Appendix A Secure Coding Guidelines for Developers

Appendix B Sample C???Based GSS-API Programs

Appendix C GSS-API Reference

Appendix D Specifying an OID

Appendix E Source Code for SASL Example

Appendix F SASL Reference Tables

Appendix G Security Considerations When Using C Functions

Language:

Introduction to the PAM Framework

The PAM framework consists of four parts:

PAM consumers
PAM library
The pam.conf(4) configuration file
PAM service modules, also referred to as providers

The framework provides a uniform way for authentication-related activities to take place. This approach enables application developers to use PAM services without having to know the semantics of the policy. Algorithms are centrally supplied. The algorithms can be modified independently of the individual applications. With PAM, administrators can tailor the authentication process to the needs of a particular system without having to change any applications. Adjustments are made through pam.conf, the PAM configuration file or the /etc/pam.d files, which is available from Oracle Solaris 11.1 release onwards.

The following figure illustrates the PAM architecture. Applications communicate with the PAM library through the PAM application programming interface (API). PAM modules communicate with the PAM library through the PAM service provider interface (SPI). Thus, the PAM library enables applications and modules to communicate with each other.

Figure 3-1 PAM Architecture

image:Figure shows how the PAM library is accessed by applications and PAM service modules.

Copyright © 2000, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices