Linux系统中的Pam模块为可热插拔的认证模块(*.so)
1、配置文件
# ls /etc/pam.d/
atd other subscription-manager
authconfig passwd subscription-manager-gui
authconfig-gtk password-auth sudo
authconfig-tui password-auth-ac sudo-i
chfn polkit-1 su-l
chsh poweroff system-auth
config-util ppp system-auth-ac
crond reboot system-config-authentication
cups remote system-config-date
cvs rhn_register system-config-kdump
dovecot run_init system-config-keyboard
eject runuser system-config-language
fingerprint-auth runuser-l system-config-network
fingerprint-auth-ac selinux-polgengui system-config-network-cmd
gdm setup system-config-selinux
gdm-autologin sfcb system-config-users
gdm-fingerprint smartcard-auth vmware-authd
gdm-password smartcard-auth-ac vsftpd
gnome-screensaver smtp vsftpd_user
halt smtp.postfix wireshark
ksu squid xlock
liveinst sshd xserver
login ssh-keycat
newrole su
其中system-auth和password-auth配置文件是RHEL6实现用户名验证机制配置文件,大多数服务的配置将都会调用它们。
2、模块,如果是32为系统则路径是/lib/security/,如果是64为系统则在/lib64/security/目录下
# ls /lib64/security/
pam_access.so pam_gnome_keyring.so pam_namespace.so pam_succeed_if.so
pam_cap.so pam_group.so pam_nologin.so pam_tally2.so
pam_chroot.so pam_issue.so pam_oddjob_mkhomedir.so pam_time.so
pam_ck_connector.so pam_keyinit.so pam_passwdqc.so pam_timestamp.so
pam_console.so pam_krb5 pam_permit.so pam_tty_audit.so
pam_cracklib.so pam_krb5afs.so pam_postgresok.so pam_umask.so
pam_debug.so pam_krb5.so pam_pwhistory.so pam_unix_acct.so
pam_deny.so pam_lastlog.so pam_rhosts.so pam_unix_auth.so
pam_echo.so pam_limits.so pam_rootok.so pam_unix_passwd.so
pam_env.so pam_listfile.so pam_securetty.so pam_unix_session.so
pam_exec.so pam_localuser.so pam_selinux_permit.so pam_unix.so
pam_faildelay.so pam_loginuid.so pam_selinux.so pam_userdb.so
pam_faillock.so pam_mail.so pam_sepermit.so pam_warn.so
pam_filter pam_mkhomedir.so pam_shells.so pam_wheel.so
pam_filter.so pam_motd.so pam_smbpass.so pam_winbind.so
pam_fprintd.so pam_mysql.la pam_sss.so pam_xauth.so
pam_ftp.so pam_mysql.so pam_stress.so