Developer's Guide to Oracle® Solaris 11 Security

Exit Print View

Updated: July 2014

PAM Authentication Process

    As an example of how consumers use the PAM library for user authentication, consider how login authenticates a user:

  1. The login application initiates a PAM session by calling pam_start(3PAM) and by specifying the login service.

  2. The application calls pam_authenticate(3PAM), which is part of the PAM API that is exported by the PAM library, libpam(3LIB).

  3. The PAM library searches for login entries in the PAM configuration corresponding to the service module type of authentication (auth).

  4. For each module in pam.conf that is configured for the login service, the PAM library calls pam_sm_authenticate(3PAM). The pam_sm_authenticate() function is part of the PAM SPI. The pam.conf control flag and results of each call determine whether the user is allowed access to the system. This process is described in more detail in Configuring PAM in Managing Kerberos and Other Authentication Services in Oracle Solaris 11.2 .

In this way, the PAM library connects PAM applications with the PAM modules that have been configured by the system administrator.