Authentication Modules for Linux


Arun Bagul

Friday, January 26, 2007
Authentication Modules For Linux - PAM Architecture

  1. Authentication Modules for Linux. Arun Bagul. Friday, January 26, 2007
  2. Thought of the Day: “We all are in mission of learning, What learning will give? - when learning is purposeful, creativity blossoms, when creativity blossoms, thinking emanates, when thinking emanates, knowledge is fully floats, When knowledge fully floats, economy fully flourishes”. - APJ Abdul Kalam
  3. What will you learn?
      - Authentication
      - PAM (Pluggable Authentication Modules)
      - PAM Modules and Architecture
      - How to configure PAM?
      - NSS (Name Service Switch)
      - Different methods of User Admin.
      - PAM with MySQL
  4. Authentication
      - What is Authentication?
      - Why Authentication?
      - Different types of Authentication
          - Basic, single-factor
          - Multi-factor
          - Cryptographic
  5. What is Authentication?
      - Act of establishing identity
      - Identity: users, systems, applications and messages
      - Legal process
  6. Why Authentication?
      - Control access and privileges
      - Bind some sensitive data
      - Establish trusted multiple parties
      - Maintain, secure data/privacy
  7. Different types of Authentication: 1) Basic, single-factor
      - common password
      - host or system names
      - application names
      - numerical ids
  8. Different types of Authentication: 2) Multi-Factor
      - name and password
      - smart cards
      - biometric information
  9. Different types of Authentication: 3) Cryptographic
      - Public key authentication
      - Digital signature
  10. PAM (Pluggable Authentication Modules)
      - What is PAM?
      - Why PAM?
      - Advantages
      - User administration
  11. PAM Architecture [diagram: Pluggable Authentication Modules Architecture; labels: System Entry Process, Authentication, Account Management, Kerberos, Passwd Management, Session Management, PAM-API, PAM-SPI]
  12. PAM Modules
      - Authentication management
      - Account management
      - Session management
      - Password management
  13. PAM Modules syntax

          <module>    <control-flag>   <module-path>    <argument>
          auth        required         /lib/security    ignore
          account     requisite                         ok
          session     sufficient                        done
          password    optional

      e.g.:

          auth     required   pam_issue.so issue=/etc/issue
          auth     requisite  pam_securetty.so
          account  requisite  pam_time.so
  14. How to configure PAM

      /etc/pam.d/login

          auth     requisite  pam_securetty.so
          session  required   pam_env.so readenv=1
          auth     optional   pam_group.so
          @include common-auth
          @include common-account
          @include common-session
          session  required   pam_limits.so
          session  optional   pam_lastlog.so
          session  optional   pam_motd.so
          session  optional   pam_mail.so standard
          @include common-password
  15. How to configure PAM

      /etc/pam.d/common-session

          #session required   pam_unix.so
          #session optional   pam_foreground.so
          session  required   pam_mkhomedir.so skel=/etc/skel/
          session  sufficient pam_unix.so
          session  required   pam_mysql.so config_file=/etc/pam_mysql.conf

      /etc/pam.d/common-password

          password sufficient pam_unix.so nullok obscure min=4 max=8 md5
          password required   pam_mysql.so config_file=/etc/pam_mysql.conf

      /etc/pam.d/common-account

          account  sufficient pam_mysql.so config_file=/etc/pam_mysql.conf
          account  required   pam_unix.so
  16. NSS (Name Service Switch) [diagram]
  17. Different methods of User Admin.
      - PAM with MySQL
      - PAM with Postgres
      - LDAP
      - Kerberos
      - Samba
      - OPIE (One time Password In Everything)
  18. PAM with MySQL
      - pam_mysql
      - libnss-mysql_1.0_4
      - Database: authentication
      - Tables: users, groups and authlog
          - /etc/pam_mysql.conf
          - /etc/nsswitch.conf
          - /etc/nss-mysql.conf
          - /etc/nss-mysql-root.conf
          - /etc/pam.d
  19. PAM with MySQL
      - pam_mysql and libnss-mysql installation

          # ./configure --with-pam-mods-dir=/lib/security
          # dpkg -i libnss-mysql_1.0_4ubuntu.deb

      - create pam_mysql package for same configuration
  20. PAM with MySQL

          # /etc/pam_mysql.conf
          users.host = 192.168.0.10
          users.database = authentication
          users.db_user = connect_auth
          users.db_passwd = abc
          users.where_clause = users.status = 'A' AND users.allowed_hosts LIKE '%hostname%';
          users.table = users
          users.update_table = users
          users.user_column = user_name
          users.password_column = password
          users.password_crypt = 1
          log.enabled = 1
          log.table = authlog
  21. PAM with MySQL

          # /etc/nsswitch.conf
          passwd: files mysql
          group:  files mysql
          shadow: files mysql
  22. PAM with MySQL

          # /etc/nss-mysql.conf
          ## DB Access
          users.host = inet:192.168.0.10:3306;
          users.db_user = query_auth;
          users.db_password = xyz;
          ## USERS
          users.table = users;
          users.user_column = users.user_name;
          users.user_column = users.user_name;
  23. Authentication Modules for Linux. Thank you. www.magnettechnologies.com, arun.bagul@magnettechnologies.com, Ph: 022 6719200, 9890756335
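
Added example (not part of the slides): a simplified Python model of how Linux-PAM combines the required, requisite, sufficient and optional control flags listed on slide 13, run over the common-account and common-password stacks from slide 15, with a check that flags the `nullok` and `md5` options on the pam_unix line. Module outcomes are supplied by the caller, and the names `parse`, `evaluate`, `weak_options` and `WEAK_ARGS` are this example's own.

```python
# Simplified model of Linux-PAM's keyword control flags; module outcomes are
# supplied by the caller and no real PAM module is loaded.
SUCCESS, FAILURE = "success", "failure"

# Constructed input: the common-account and common-password stacks of slide 15.
STACKS = """\
account  sufficient pam_mysql.so config_file=/etc/pam_mysql.conf
account  required   pam_unix.so
password sufficient pam_unix.so nullok obscure min=4 max=8 md5
password required   pam_mysql.so config_file=/etc/pam_mysql.conf
"""

# Options flagged for review (the reasons are this example's wording).
WEAK_ARGS = {"nullok": "blank passwords are permitted",
             "md5": "passwords are hashed with MD5-crypt"}

def parse(text):
    """Return (type, control, module, args) for every rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if line and not line.startswith("@include"):
            mtype, control, module, *args = line.split()
            rules.append((mtype, control, module, args))
    return rules

def evaluate(rules, mtype, results):
    """Return (verdict, modules consulted) for one management group."""
    failed, granted, ran = False, False, []
    for rtype, control, module, _ in rules:
        if rtype != mtype:
            continue
        ran.append(module)
        if results.get(module) == SUCCESS:
            granted = True
            if control == "sufficient" and not failed:
                break                 # short-circuit: later modules never run
        elif control == "requisite":
            failed = True
            break                     # fail at once, skip the rest
        elif control == "required":
            failed = True             # remembered; the stack keeps running
        # a failing sufficient or optional module is ignored
    return (SUCCESS if granted and not failed else FAILURE), ran

def weak_options(rules):
    """Return (module, option, reason) for each option listed in WEAK_ARGS."""
    return [(m, a, WEAK_ARGS[a]) for _, _, m, args in rules
            for a in args if a in WEAK_ARGS]
```

With `pam_mysql.so` marked sufficient at the top of the account stack, a MySQL success ends evaluation before `pam_unix.so` is consulted, so `evaluate(parse(STACKS), "account", {"pam_mysql.so": SUCCESS})` reports only one module as run.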
