pam_modules-2.html
Next
Previous
pam_modules.html#toc1
Contents
1. Introduction
1.1 Synopsis
#include <security/pam_modules.h>
gcc -fPIC -c pam_module-name.c
ld -x --shared -o pam_module-name.so pam_module-name.o
1.2 Description
Linux-PAM
(Pluggable Authentication Modules for Linux) is a
library that enables the local system administrator to choose how
individual applications authenticate users.  For an overview of the
Linux-PAM
library see the
Linux-PAM
System Administrators'
Guide.
A
Linux-PAM
module is a single executable binary file that can be
loaded by the
Linux-PAM
interface library. This PAM library is
configured locally with a system file,
/etc/pam.conf
, to
authenticate a user request via the locally available authentication
modules. The modules themselves will usually be located in the
directory
/usr/lib/security
and take the form of dynamically
loadable object files (see dlopen(3)). Alternatively, the modules can
be statically linked into the
Linux-PAM
library; this is mostly to
allow
Linux-PAM
to be used on platforms without dynamic linking
available, but the two forms can be used together.  It is the
Linux-PAM
interface that is called by an application and it is
the responsibility of the library to locate, load and call the
appropriate functions in a
Linux-PAM
-module.
Except for the immediate purpose of interacting with the user
(entering a password etc..) the module should never call the
application directly. This exception requires a "conversation
mechanism" which is documented below.
pam_modules-2.html
Next
Previous
pam_modules.html#toc1
Contents
