PAM Authentication Process - Developer's Guide to Oracle® Solaris 11 Security

Developer's Guide to Oracle^® Solaris 11 Security

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Developer's Guide to Oracle^® ... » Writing PAM Applications and Services » Introduction to the PAM Framework » PAM Authentication Process

Updated: July 2014

Developer's Guide to Oracle^® Solaris 11 Security

Document Information

Using This Documentation

Chapter 1 Oracle Solaris Security for Developers (Overview)

Chapter 2 Developing Privileged Applications

Chapter 3 Writing PAM Applications and Services

Introduction to the PAM Framework

PAM Service Modules

PAM Authentication Process

Requirements for PAM Consumers

PAM Configuration

Configuring PAM Through /etc/pam.d

Writing Applications That Use PAM Services

A Simple PAM Consumer Example

Other Useful PAM Functions

Writing Conversation Functions

Writing Modules That Provide PAM Services

Requirements for PAM Service Providers

Sample PAM Provider Service Module

Chapter 4 Writing Applications That Use GSS-API

Chapter 5 GSS-API Client Example

Chapter 6 GSS-API Server Example

Chapter 7 Writing Applications That Use SASL

Chapter 8 Introduction to the Oracle Solaris Cryptographic Framework

Chapter 9 Writing User???Level Cryptographic Applications

Chapter 10 Introduction to the Oracle Solaris Key Management Framework

Appendix A Secure Coding Guidelines for Developers

Appendix B Sample C???Based GSS-API Programs

Appendix C GSS-API Reference

Appendix D Specifying an OID

Appendix E Source Code for SASL Example

Appendix F SASL Reference Tables

Appendix G Security Considerations When Using C Functions

Language:

PAM Authentication Process

As an example of how consumers use the PAM library for user authentication, consider how login authenticates a user:

The login application initiates a PAM session by calling pam_start(3PAM) and by specifying the login service.
The application calls pam_authenticate(3PAM), which is part of the PAM API that is exported by the PAM library, libpam(3LIB).
The PAM library searches for login entries in the PAM configuration corresponding to the service module type of authentication (auth).
For each module in pam.conf that is configured for the login service, the PAM library calls pam_sm_authenticate(3PAM). The pam_sm_authenticate() function is part of the PAM SPI. The pam.conf control flag and results of each call determine whether the user is allowed access to the system. This process is described in more detail in Configuring PAM in Managing Kerberos and Other Authentication Services in Oracle Solaris 11.2 .

In this way, the PAM library connects PAM applications with the PAM modules that have been configured by the system administrator.

Copyright © 2000, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices