Linux Security HOWTO : Password Security and Encryption : PAM - Pluggable Authentication Modules
Previous: ssh (Secure Shell) and stelnet
Next: Cryptographic IP Encapsulation (CIPE)

6.5. PAM - Pluggable Authentication Modules

Newer versions of the Red Hat Linux distribution ship with a unified authentication scheme called "PAM". PAM allows you to change your authentication methods and requirements on the fly, and encapsulate all local authentication methods without recompiling any of your binaries. Configuration of PAM is beyond the scope of this document, but be sure to take a look at the PAM web site for more information. http://www.kernel.org/pub/linux/libs/pam/index.html.

Just a few of the things you can do with PAM:

Within a few hours of installing and configuring your system, you can prevent many attacks before they even occur. For example, use PAM to disable the system-wide usage of .rhosts files in user's home directories by adding these lines to /etc/pam.d/rlogin:

		#
		# Disable rsh/rlogin/rexec for users
		#
		login auth required pam_rhosts_auth.so no_rhosts


Linux Security HOWTO : Password Security and Encryption : PAM - Pluggable Authentication Modules
Previous: ssh (Secure Shell) and stelnet
Next: Cryptographic IP Encapsulation (CIPE)