在Redhat文档(位于this链接中)的PAM Module Interfaces部分下,它声明PAM模块的auth接口用于验证使用。并且使用account接口用于验证是否允许访问。
这两个接口之间是否有明显的区别,或者可以将它们代替使用?
答案 0 :(得分:2)
身份验证和帐户之间的区别
身份验证 -此模块界面验证使用。例如,它请求并验证密码的有效性。具有此接口的模块还可以设置凭据,例如组成员身份或Kerberos票证。
帐户- 该模块接口验证是否允许访问。例如,它检查用户帐户是否已过期或是否允许用户在一天的特定时间登录。
要回答是否可以互换的问题,
示例: 用户'Adam'尝试登录并且设置了身份验证和帐户接口,然后接口'account'将检查'Adam'是否具有权限和 是否登录的特权,如果是,则接口“ auth”将检查 输入的密码是否正确。
Pam Manual can be followed by typing 'man pam' on terminal -- shown below
account - provide account verification types of service: has the user's password expired?; is
this user permitted access to the requested service?
authentication - authenticate a user and set up user credentials. Typically this is via some
challenge-response request that the user must satisfy: if you are who you claim to be please
enter your password. Not all authentications are of this type, there exist hardware based
authentication schemes (such as the use of smart-cards and biometric devices), with suitable
modules, these may be substituted seamlessly for more standard approaches to authentication -
such is the flexibility of Linux-PAM.