Introduction to PAM
The Pluggable Authentication Module (PAM) framework lets you "plug in" new authentication technologies without changing system entry services such as login, ftp, telnet, and so on. You can also use PAM to integrate UNIX login with other security mechanisms like DCE or Kerberos. Mechanisms for account, session, and password management can also be "plugged in" using this framework.
Benefits of Using PAM
The PAM framework allows a system administrator to choose any combination of system entry services (ftp, login, telnet, or rsh, for example) for user authentication. Some of the benefits PAM provides are:
-
Flexible configuration policy
-
Per application authentication policy
-
The ability to choose a default authentication mechanism
-
Multiple passwords on high-security systems
-
-
Ease of use for the end user
-
No retyping of passwords if they are the same for different mechanisms
-
The ability to use a single password for multiple authentication methods with the password mapping feature, even if the passwords associated with each authentication method are different
-
The ability to prompt the user for passwords for multiple authentication methods without having the user enter multiple commands
-
-
The ability to pass optional parameters to the user authentication services
- © 2010, Oracle Corporation and/or its affiliates