What is PAM?
PAM stands for Pluggable Authentication Modules, invented by Sun. PAM is different from TCP Wrappers or xinetd, which restrict access to some services. Linux PAM provides authorization for applications and services in a Linux system. PAM is mainly about security: checking whether services should or should not be used. Linux login also uses PAM to authenticate and validate passwords. Even applications like Samba go through PAM.
Benefits of PAM
Flexible Configuration Policy
1. Per-application authentication policy - every application or service has its own authentication file
2. Allows multiple authorizations on high-security or important applications and services
3. Allows the user to choose a default authentication mechanism
Ease of use for Users
1. Ability to implement a specific security policy without changing the system entry services.
2. Allows optional options to be passed to the user authentication services.
Example of how to Configure PAM on SSH.
Install through YUM (Yellowdog Updater Modified)
#yum install pam
Configure PAM to authenticate SSH
A PAM file for SSH should already exist inside /etc/pam.d/ if the service is installed. To change the security of SSH, we will set the times during which users are unable to SSH in.
To do this, we need a PAM module called pam_time.so, which is probably inside the /lib/security/ directory already. pam_time.so uses the file /etc/security/time.conf.
Since we are setting the time for SSH, add the following line to the file time.conf:
sshd;*;*;!Al2000-0100
which means users are unable to SSH in between 1.00AM and 8.00PM.
Now edit the /etc/pam.d/sshd file to make it take effect:
account required pam_time.so
Add the above line as the first line of the sshd file so that the time is checked first; if the time is not right, the user will not be allowed to SSH in.
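The times field of a time.conf rule can be evaluated offline before the rule is deployed. The following is an added example, not code from the original post: it models the day/time-range syntax described in the time.conf man page, where the field lists the times at which access is granted, `!` means "anything but", and a range whose finish is smaller than its start runs into the following day. It assumes the rule already applies to the service, tty and user, and its treatment of the exact boundary minutes is an assumption.

```python
import re
from datetime import datetime

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]   # same order as datetime.weekday()
GROUPS = {"Wk": DAYS[:5], "Wd": DAYS[5:], "Al": DAYS}
ENTRY = re.compile(r"(!?)((?:[A-Z][a-z])+)(\d{4})-(\d{4})")

def expand_days(spec):
    """Expand a day list such as 'MoWk'; a day named twice is unset again."""
    active = set()
    for tok in re.findall("..", spec):
        if tok not in DAYS and tok not in GROUPS:
            raise ValueError(f"unknown day token: {tok}")
        active ^= set(GROUPS.get(tok, [tok]))
    return active

def entry_matches(entry, when):
    """True if one day/time-range entry, optionally '!'-negated, covers `when`."""
    m = ENTRY.fullmatch(entry.strip())
    if not m:
        raise ValueError(f"bad time entry: {entry!r}")
    days, start, end = expand_days(m[2]), int(m[3]), int(m[4])
    now = when.hour * 100 + when.minute
    today, yesterday = DAYS[when.weekday()], DAYS[when.weekday() - 1]
    if start < end:     # range inside one day (half-open here: an assumption)
        hit = today in days and start <= now < end
    else:               # finish smaller than start: range runs into the next day
        hit = (today in days and now >= start) or (yesterday in days and now < end)
    return hit != (m[1] == "!")

def access_allowed(times_field, when):
    """Evaluate the times field left to right; '|' is OR, '&' is AND."""
    parts = re.split(r"\s*([|&])\s*", times_field.strip())
    result = entry_matches(parts[0], when)
    for op, entry in zip(parts[1::2], parts[2::2]):
        hit = entry_matches(entry, when)
        result = (result or hit) if op == "|" else (result and hit)
    return result

def rule_allows(rule, when):
    """Evaluate the times (fourth) field of a 'services;ttys;users;times' line."""
    _services, _ttys, _users, times = (f.strip() for f in rule.split(";"))
    return access_allowed(times, when)

if __name__ == "__main__":
    rule = "sshd;*;*;!Al2000-0100"              # the rule from the page
    for hhmm in ("00:30", "09:00", "21:30"):    # constructed sample login times
        when = datetime.strptime("2024-01-08 " + hhmm, "%Y-%m-%d %H:%M")
        print(hhmm, "allowed" if rule_allows(rule, when) else "denied")
```

Running the script prints the decision for each sample login time, which can be compared against the intended policy before /etc/pam.d/sshd is changed.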