Question
Authentication under modern Unix systems is handled by the Pluggable Authentication Module (PAM) system. In about a page and in your own words explain the PAM system as it is implemented on a Linux distribution and why it was introduced.
Using the login service file found in the course virtual machine (see /etc/pam.d/login) as an example, explain how a service is configured and discuss the implications of each configuration line. Your explanation should include discussions on the following:
• what is the module-type parameter,
• what is the control flag,
• what does it mean that the service file is a stack,
• what is a pam module.
Notes:
a. Be aware that there are subtle differences between different Unix distributions—the question explicitly states discuss the Linux version only!
b. The topics above are linked to each other and the question; they are not independent of each other. They are provided as a minimal guide only. Do not simply write an unconnected paragraph on each without linking the concepts together.
c. List all resources used in answering this question.
d. Please do not fall into the trap of answering the question by using unexplained technical terms—you must explain all technical terms used, especially if they have not been used anywhere else in the course. Assume you are writing for someone who knows nothing about PAM.
Explanation / Answer
The Linux kernel provides a simple framework, allowing drivers to declare parameters that the user can specify on either boot or module load and then have these parameters exposed in your driver as global variables. These module parameters also show up in sysfs (see Chapter 17, "kobjects and sysfs"). Consequently, creating and managing module parameters that can be specified in a myriad of convenient ways is trivial.
Defining a module parameter is done via the macro module_param():
Parameterized modules are to modules what functions are to base values. Just like a function returns a new value from the values of its parameters, a parameterized module builds a new module from the modules given as parameters. Parameterized modules are also called functors.
The addition of functors to the module language increases the opportunities for code reuse in structures.
To determine the continuation or failure behavior from a module during the authentication process, you must select one of four control flags for each entry in the PAM configuration file, /etc/pam.conf. The control flags indicate how a successful attempt or a failed attempt through each module is handled. Even though these flags apply to all module types, the following explanation assumes that these flags are being used for authentication modules. The control flags are as follows:
required - With this control flag, the module must return success in order to have the overall result be successful.
If all modules are flagged as required, then authentication through all modules must succeed for the user to be authenticated.
If some modules fail, then an error value from the first failed module is reported.
optional - If a module with this control flag fails, the overall result can be successful if another module in this stack returns success.
The optional control flag should be used when successful authentication in the stack is enough for a user to be authenticated. This flag should only be used if it is not important for this particular mechanism to succeed.
sufficient - If a module with this control flag is successful, skip the remaining modules in the stack, even if they are flagged as required.
requisite - With this control flag, the module must return success for additional authentication to occur.
If a failure occurs for a module that is flagged as requisite, an error is immediately returned to the application, and no additional authentication is done. If the stack does not include prior modules flagged as required that failed, then the error from this module is returned. If an earlier module flagged as required has failed, the error message from the required module is returned.
A stack is a collection of services that make up an application in a specific environment. A stack file is a file in YAML format, similar to a docker-compose.yml file, that defines one or more services. The YAML reference is documented here.
Stack files define environment variables, deployment tags, the number of containers, and related environment-specific configuration. Because of this, you should use a separate stack file for development, staging, production, and other environments.
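Added example, not part of the answer above and not Linux-PAM's own code: a small Python model of how a Linux service file such as /etc/pam.d/login is parsed (module type, control flag, module path, arguments) and how one type's stack is walked under the four control flags. The sample config is constructed to resemble a typical login file, the module outcomes are assumed, and only the four keyword flags are handled (not the bracketed [value=action] syntax).

```python
from collections import defaultdict

# Constructed sample modelled on a typical Debian /etc/pam.d/login;
# the real course file may differ (assumption).
SAMPLE_LOGIN = """\
# module-type  control-flag  module-path       arguments
auth     requisite  pam_securetty.so
auth     required   pam_nologin.so
auth     sufficient pam_unix.so        nullok
auth     required   pam_deny.so
account  required   pam_unix.so
session  optional   pam_motd.so
"""

def parse_pam(text):
    """Group entries by module type; each entry is (flag, module, args)."""
    stacks = defaultdict(list)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("@include"):
            continue
        mtype, flag, module, *args = line.split()
        stacks[mtype].append((flag, module, args))
    return stacks

def run_stack(stack, outcomes):
    """Walk one type's stack top to bottom.  outcomes maps module name
    to the simulated True/False it returns.  Returns (success, why)."""
    first_fail = None                  # first required/requisite failure
    for flag, module, _ in stack:
        ok = outcomes.get(module, False)   # unknown module: treat as failed
        if flag == "required" and not ok:
            first_fail = first_fail or module   # remember, keep walking
        elif flag == "requisite" and not ok:
            first_fail = first_fail or module
            return False, f"{module} (requisite) failed; stack aborted, error from {first_fail}"
        elif flag == "sufficient" and ok and first_fail is None:
            return True, f"{module} (sufficient) succeeded; remaining modules skipped"
        elif flag == "optional" and len(stack) == 1:
            return ok, f"{module} (optional) is the only module, so its result decides"
    if first_fail:
        return False, f"{first_fail} (required) failed; the whole stack still ran"
    return True, "every module passed"

if __name__ == "__main__":
    auth = parse_pam(SAMPLE_LOGIN)["auth"]
    print(run_stack(auth, {"pam_securetty.so": True, "pam_nologin.so": True, "pam_unix.so": True}))
    print(run_stack(auth, {"pam_securetty.so": True, "pam_nologin.so": True}))  # wrong password
```

Note that a required failure (pam_nologin.so) is not overridden by a later sufficient success, and a failed pam_unix.so still falls through to the trailing required pam_deny.so, so the stack keeps running to its end without telling the caller which module rejected the login.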