The Linux-PAM System Administrators' Guide

MorganAndrew G.

morgan (at) kernel.org
    

PAM team(¾ÈÈ¿¼º, Á¤°æ½Ä, ÇãÁØ¿µ)

SPsoft

   pam (at) spsoft.co.kr

ÀÌ ¹®¼­´Â ½Ã½ºÅÛ°ü¸®ÀÚ°¡ Linux-PAM ¶óÀ̺귯¸®¿¡ ´ëÇؼ­ ¾Ë¾Æ¾ß ÇÒ °ÍµéÀ» ´Ù·ç°í ÀÖ´Ù. ¿©±â¼­´Â PAM ¼³Á¤ÆÄÀÏÀÇ ¿Ã¹Ù¸¥ Çü½Ä°ú º¸¾È»óÀ¸·Î ¾ÈÀüÇÑ ½Ã½ºÅÛÀ» À¯ÁöÇϱâ À§ÇÑ Àü·«À» À̾߱âÇÏ°í ÀÖ´Ù.

DRAFT v0.75 2001/03/18
Â÷·Ê
1. ¼Ò°³(Introduction)
2. ÀÌ ¹®¼­¿¡ ´ëÇÑ ¾à°£ÀÇ ÁÖÇØ(Some comments on the text)
3. °³¿ä
3.1. ½ÃÀÛÇϱâ
4. Linux-PAM ¼³Á¤ ÆÄÀÏ
4.1. ¼³Á¤ ÆÄÀÏ ¹®¹ý(Configuration file syntax)
4.2. µð·ºÅ丮¿¡ ¼³Á¤ÆÄÀÏÀ» ±â·ÏÇÒ ¶§(Directory based configuration)
4.3. ÀϹÝÀûÀÎ ¿É¼Ç ÀÎÀÚµé(generic optional arguments)
4.4. ¼³Á¤ÆÄÀÏ ³»¿ëÀÇ ¿¹(Example configuration file entries)
4.4.1. µðÆúÆ® Á¤Ã¥(Default policy)
5. Linux-PAMÀÇ º¸¾È À̽´(Security issues of Linux-PAM)
5.1. ¹º°¡°¡ À߸ø µÇ°í ÀÖ´Ù¸é(If something goes wrong)
5.2. ¾àÇÑ 'other'¼³Á¤ÇÏÁö ¾Ê±â(Avoid having a weak 'other' configuration)
6. »ç¿ë°¡´ÉÇÑ ¸ðµâµé¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ ¼³¸í(A reference guide for available modules)
6.1. The access module
6.1.1. °³¿ä
6.1.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.1.3. °èÁ¤°ü¸® ±¸¼º¿ä¼Ò
6.2. Chroot
6.2.1. °³¿ä
6.2.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.2.3. °èÁ¤°ü¸® ±¸¼º¿ä¼Ò:
6.2.4. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò:
6.2.5. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò:
6.3. Cracklib pluggable password strength-checker
6.3.1. °³¿ä
6.3.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.3.3. Æнº¿öµå°ü¸® ±¸¼º¿ä¼Ò
6.4. Àá±Ý ¸ðµâ(The locking-out module)
6.4.1. °³¿ä
6.4.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.4.3. °èÁ¤°ü¸® ±¸¼º¿ä¼Ò
6.4.4. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.4.5. Æнº¿öµå°ü¸® ±¸¼º¿ä¼Ò
6.4.6. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.5. ȯ°æ º¯¼ö ¼³Á¤/ÇØÁ¦(Set/unset environment variables)
6.5.1. °³¿ä
6.5.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.5.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.6. The filter module
6.6.1. °³¿ä
6.6.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.6.3. °èÁ¤°ü¸® + ÀÎÁõ°ü¸® + Æнº¿öµå°ü¸® + ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.7. Anonymous access module
6.7.1. °³¿ä
6.7.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.7.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.8. The group access module
6.8.1. °³¿ä
6.8.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.8.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.9. Add issue file to user prompt
6.9.1. °³¿ä
6.9.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.9.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.10. The Kerberos 4 module
6.10.1. °³¿ä
6.10.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.10.3. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.10.4. Æнº¿öµå°ü¸® ±¸¼º¿ä¼Ò
6.10.5. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.11. The last login module
6.11.1. °³¿ä
6.11.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.11.3. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.12. The resource limits module
6.12.1. °³¿ä
6.12.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.12.3. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.13. The list-file module
6.13.1. °³¿ä
6.13.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.13.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.14. The Mail module
6.14.1. °³¿ä
6.14.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.14.3. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.14.4. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.15. ù ·Î±×Àνà Ȩ µð·ºÅ丮 ¸¸µé±â(Create home directories on initial login)
6.15.1. °³¿ä
6.15.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.15.3. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.16. ¿À´ÃÀÇ ¸Þ½ÃÁö Ãâ·Â(Output the motd file)
6.16.1. °³¿ä
6.16.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.16.3. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.17. The no-login module
6.17.1. °³¿ä
6.17.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.17.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.18. ¹«Á¶°Ç ½Å·Ú ¸ðµâ(The promiscuous module)
6.18.1. °³¿ä
6.18.2. °³¿ä
6.18.3. °èÁ¤°ü¸® + ÀÎÁõ°ü¸® + Æнº¿öµå°ü¸® + ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.19. The Password-Database module
6.19.1. °³¿ä
6.19.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.19.3. °èÁ¤°ü¸® ±¸¼º¿ä¼Ò
6.19.4. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.19.5. Æнº¿öµå°ü¸® ±¸¼º¿ä¼Ò
6.19.6. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.20. The RADIUS session module
6.20.1. °³¿ä
6.20.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.20.3. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.21. The rhosts module
6.21.1. °³¿ä
6.21.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.21.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.22. The root access module
6.22.1. °³¿ä
6.22.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.22.3. ÀÎÁõ°ü¸® ºÎºÐ
6.23. The securetty module
6.23.1. °³¿ä
6.23.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.23.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.24. The login counter(tallying) module
6.24.1. °³¿ä
6.24.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.24.3. µÎ ±¸¼º¿ä¼Ò¿¡¼­ ¸ðµÎ »ç¿ëµÇ´Â ÀϹÝÀûÀÎ ¿É¼Ç
6.24.4. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.24.5. °èÁ¤°ü¸® ±¸¼º¿ä¼Ò
6.25. Time control
6.25.1. °³¿ä
6.25.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.25.3. °èÁ¤°ü¸® ±¸¼º¿ä¼Ò
6.26. The Unix Password module
6.26.1. °³¿ä
6.26.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.26.3. °èÁ¤°ü¸® ±¸¼º¿ä¼Ò
6.26.4. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.26.5. Æнº¿öµå°ü¸® ±¸¼º¿ä¼Ò
6.26.6. ¼¼¼Ç°ü¸® ±¸¼º¿ä¼Ò
6.27. The userdb module
6.27.1. °³¿ä
6.27.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.27.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
6.28. Warning logger module
6.28.1. °³¿ä
6.28.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.28.3. ÀÎÁõ°ü¸®+Æнº¿öµå°ü¸® ±¸¼º¿ä¼Ò
6.29. ÈÙ ±×·ì ¸ðµâ(The wheel module)
6.29.1. °³¿ä
6.29.2. ¸ðµâÀÇ Àü¹ÝÀûÀÎ ¼³¸í
6.29.3. ÀÎÁõ°ü¸® ±¸¼º¿ä¼Ò
7. ÆÄÀϵé(Files)
8. °ü·Ã Âü°í(See Also)
9. ÁÖÀÇ, Âü°í»çÇ×(Notes)
10. ÀúÀÚ/°¨»çÀλç(Author/acknowledgments)
11. ¹ö±×/Å»ÀÚ(Bugs/omissions)
12. ÀÌ ¹®¼­¿¡ ´ëÇÑ ÀúÀÛ±Ç(Copyright information for this document)
  ´ÙÀ½
  ¼Ò°³(Introduction)