The preceding presentation is fairly abstract and may be hard to digest without some examples. Here, then, are some concrete examples, taken from working Linux distributions. These include a login service, a password service, and a system that uses an authentication stack.
Login services include the login program (used by the console and the Telnet server); the X Display Manager (XDM) and its KDE and GNOME counterparts, KDM and GDM; the SSH server; POP and IMAP mail servers; and the FTP server. Other tools that are similar, but that deviate a bit more, include the su and sudo commands and password-protected screensavers.
Example A-1 shows the /etc/pam.d/login file from a Debian Linux system. (The original file has many comment lines, though, which Example A-1 has omitted for brevity.) Because this is a login configuration, the most important sections of this file—from the perspective of an administrator wanting to change the system to use a network password database—are the auth and account stacks. These stacks both contain calls to pam_unix.so, as well as a few others that can restrict access in various ways or display information.
Example A-1. Sample PAM login service configuration
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
auth       required   pam_env.so
auth       required   pam_unix.so nullok
account    requisite  pam_time.so
account    required   pam_unix.so
session    required   pam_unix.so
session    optional   pam_lastlog.so
session    optional   ...
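The following Python sketch is an added example, not part of the original text: it parses a service file laid out like Example A-1 into its stacks and reports where pam_unix.so sits in the auth and account stacks, the entries an administrator would revisit when moving to a network password database. The function names parse_stacks and audit are hypothetical, and the sample input reuses Example A-1's entries (without its truncated last line) plus one constructed comment line.

```python
import re

# Example A-1's entries, minus the final line that the page truncates.
SAMPLE = """\
# constructed comment line; the real file has many of these
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
auth       required   pam_env.so
auth       required   pam_unix.so nullok
account    requisite  pam_time.so
account    required   pam_unix.so
session    required   pam_unix.so
session    optional   pam_lastlog.so
"""

# type, control flag (simple keyword or [value=action ...] form), module, args
LINE = re.compile(
    r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stacks(text):
    """Return {type: [(control, module, [args]), ...]} in file order."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("@include"):
            continue                             # included files are parsed separately
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unparsed PAM line: {raw!r}")
        mtype, control, module, args = m.groups()
        stacks.setdefault(mtype, []).append((control, module, args.split()))
    return stacks

def audit(stacks, module="pam_unix.so"):
    """Locate `module` in the auth/account stacks and note any nullok option."""
    findings = []
    for mtype in ("auth", "account"):
        for pos, (control, mod, args) in enumerate(stacks.get(mtype, []), 1):
            if mod.endswith(module):             # also matches a full module path
                findings.append((mtype, pos, control, "nullok" in args))
    return findings

if __name__ == "__main__":
    for mtype, pos, control, nullok in audit(parse_stacks(SAMPLE)):
        # pam_unix's nullok option lets accounts with a blank password through
        note = "  (nullok: blank passwords accepted)" if nullok else ""
        print(f"{mtype} stack, entry {pos}: {control} pam_unix.so{note}")
```

Order matters within a stack, so the report gives each entry's position: a replacement or additional module for a network password database has to be placed relative to the requisite entries that precede pam_unix.so.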