本文深入探讨了Linux PAM的历史、作用、模块、配置和访问管理,阐述了它作为多用户系统中强大身份验证系统的功能。通过PAM,系统能灵活处理各种服务和用户认证需求。
linux移除pam模块
Authentication is an important part of the operations systems like Linux. As Linux operating systems are multi-user systems and run a lot of services and complex scenarios they generally need robust and easy to implement complex scenarios authentication systems. Linux Pluggable Authentication a.k.a. Linux PAM is a very robust and dynamic authentication system. In this tutorial, we will try to explain important aspects of Linux PAM.
身份验证是Linux等操作系统的重要组成部分。 由于Linux操作系统是多用户系统,并且运行许多服务和复杂方案,因此它们通常需要健壮且易于实现的复杂方案身份验证系统。 Linux可插拔身份验证(又名Linux PAM)是一个非常强大且动态的身份验证系统。 在本教程中,我们将尝试解释Linux PAM的重要方面。
PAM历史 (PAM History)
In 1995 Open Software Foundation or Open Group published RFC for PAM. This RFC has gained a lot of interest which is resulted in a powerful community and development life cycle.
1995年,开放软件基金会(Open Software Foundation)或开放集团(Open Group)发布了RFC for PAM。 该RFC引起了人们的极大兴趣,这导致了强大的社区和开发生命周期。
PAM验证 (PAM Authentication)
Authentication is used to verify user-provided information. In Linux operating system environment there are a lot of services, users, etc. All of them need some privileges to use the operating system or other services resources. This will create a lot of work on authentication.
身份验证用于验证用户提供的信息。 在Linux操作系统环境中,有许多服务,用户等。所有这些人都需要一些特权才能使用操作系统或其他服务资源。 这将在身份验证方面进行大量工作。
PAM模块 (PAM Modules)
Modules provide flexibility to the PAM. PAM does not rely on static libraries or modules. As there are a lot of services and interaction methods we need to provide dynamic ways for authentication. For example, If we need to authenticate ftp related services and users we need to use pam_ftp module for this.
模块为PAM提供了灵活性。 PAM不依赖静态库或模块。 由于存在许多服务和交互方法,因此我们需要提供动态的身份验证方法。 例如,如果我们需要验证与ftp相关的服务和用户,则需要为此使用pam_ftp模块。
PAM配置 (PAM Config)
Modules provide required libraries but we need to configure the authentication. PAM config or module configuration is used to specify required actions and permissions. PAM configuration files are put on /etc/pam.d/ where in this case we will look configuration file named ftpd .
模块提供了必需的库,但是我们需要配置身份验证。 PAM配置或模块配置用于指定所需的操作和权限。 PAM配置文件放在/etc/pam.d/ ,在这种情况下,我们将查找名为ftpd配置文件。
#
# ftpd; add ftp-specifics. These lines enable anonymous ftp over
# standard UN*X access (the listfile entry blocks access to
# users listed in /etc/ftpusers)
#
auth sufficient pam_ftp.so
auth required pam_unix.so use_first_pass
auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/ftpuserPAM访问 (PAM Access)
The pam_access is used for access management. This module configuration is taken from /etc/security/access.conf . We can configure detailed access configuration with parameters like the user, group, host, service, etc. For more information about the access, module read the following tutorial.
pam_access用于访问管理。 该模块配置来自/etc/security/access.conf 。 我们可以使用用户,组,主机,服务等参数配置详细的访问配置。有关访问的更多信息,模块请阅读以下教程。
Access.conf Security Configuration For Linux and Unix
翻译自: https://www.poftut.com/what-is-linux-pam-pluggable-authentication/
linux移除pam模块
扫一扫
1340
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
