Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
2Activity
0 of .
Results for:
No results containing your search query
P. 1
user-authentication-howto

user-authentication-howto

Ratings:

4.5

(1)
|Views: 281|Likes:
Published by a.g

More info:

Published by: a.g on Apr 21, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

05/09/2014

pdf

text

original

User Authentication HOWTO
Peter Hernberg
Floris Lambrechts \u2212 Language changes, various small fixes (v0.8).
2000\u221205\u221202
Revision History
Revision 0.8
2003\u221202\u221220

Revised by: fl
language changes, various small fixes
Revision 0.5

2000\u221205\u221215

Revised by: ph
added section on securing pam, added resources section
Revision 0.1

2000\u221205\u221202
Revised by: ph
initial version
Explains how user and group information is stored and how users are authenticated on a Linux system (PAM),
and how to secure you system's user authentication.
Table of Contents
1. Introduction.....................................................................................................................................................1

1.1. How this document came to be.........................................................................................................1 1.2. New versions.....................................................................................................................................1 1.3. Feedback...........................................................................................................................................1 1.4. Copyrights and Trademarks..............................................................................................................1 1.5. Acknowledgements and Thanks.......................................................................................................1 1.6. Assumptions about the reader...........................................................................................................2

2. How User Information is Stored on Your System.......................................................................................3

2.1. /etc/passwd........................................................................................................................................3 2.2. Shadow passwords............................................................................................................................3 2.3. /etc/group and /etc/gshadow.............................................................................................................3 2.4. MD5 encrypted passwords................................................................................................................4 2.5. Sifting through the mess...................................................................................................................4

3. PAM (Pluggable Authentication Modules)...................................................................................................5

3.1. Why...................................................................................................................................................5
3.2. What..................................................................................................................................................5
3.2.1. Distributions that support pam................................................................................................5
3.2.2. Installing PAM........................................................................................................................6
3.3. How...................................................................................................................................................6
3.3.1. PAM configuration files..........................................................................................................6
3.3.2. A little something....................................................................................................................6
3.3.3. Configuration syntax...............................................................................................................7
3.3.4. pam.conf configuration...........................................................................................................8
3.4. Getting more information.................................................................................................................8

4. Securing User Authentication........................................................................................................................9

4.1. A strong /etc/pam.d/other..................................................................................................................9
4.1.1. A paranoid configuration.........................................................................................................9
4.1.2. A kinder configuration............................................................................................................9
4.1.3. Choosing a /etc/pam.d/other..................................................................................................10
4.2. Disabling logins for user with null passwords................................................................................10
4.3. Disable unused services..................................................................................................................10
4.4. Password\u2212cracking tools................................................................................................................10
4.5. Shadow and MD5 passwords..........................................................................................................11

5. Tying it all together.......................................................................................................................................12

5.1. Apache + mod_auth_pam...............................................................................................................12
5.2. Our example....................................................................................................................................12
5.3. Installing mod_auth_pam...............................................................................................................12
5.4. Configuring PAM...........................................................................................................................12
5.4.1. Deciding how to configure PAM..........................................................................................12
5.5. Configuring Apache........................................................................................................................13
5.6. Testing our setup.............................................................................................................................13

User Authentication HOWTO
i
Table of Contents
6. Resources.......................................................................................................................................................14

6.1. PAM................................................................................................................................................14 6.2. General Security..............................................................................................................................14 6.3. Offline Documentation...................................................................................................................14

7. Conclusion.....................................................................................................................................................15
User Authentication HOWTO
ii

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->