PAM

From Wsms

PAM stands for Pluggable Authentication Modules. It is a suite of shared libraries that enable system administrator to choose how applications authenticate users.

On Fedora Core 6 you PAM is located in the pam package, and the current version is pam-0.99.5.0-5.fc5.i386.rpm. The documentation is at file:///usr/share/doc/pam-0.99.5.0/html/index.html. A really intersting scenario is described in file:///usr/share/doc/pam-0.99.5.0/html/pam-3.html.

To illustrate the flexibility you face, consider the following situation: a system administrator (parent) wishes to improve the mathematical ability of her users (children). She can configure their favorite Shoot em up game (PAM-aware of course) to authenticate them with a request for the product of a couple of random numbers less than 12. It is clear that if the game is any good they will soon learn their multiplication tables. As they mature, the authentication can be upgraded to include (long) division!

A variation of this that would be applicable to our class server (rop.ncc.sdccd.net in case you forgot) would be to have a second layer attached to the ssh login that would ask a question like: What is the first name of our teacher? That would completeley block all the script-kiddie attacks like to one we were a victim of last fall.

If you look at file:///usr/share/doc/pam-0.99.5.0/html/index.html you will see that there are docs for module and application developent.

Linux Journal articles that might be of interest: http://www.linuxjournal.com/node/8338/print http://www.linuxjournal.com/article/8957 http://www2.linuxjournal.com/article/4412