PAM身份验证界面和帐户界面之间有什么区别

时间:2019-02-27 06:54:28

标签: linux authentication redhat pam

在Redhat文档(位于this链接中)的PAM Module Interfaces部分下,它声明PAM模块的auth接口用于验证使用。并且使用account接口用于验证是否允许访问。

这两个接口之间是否有明显的区别,或者可以将它们代替使用?

1 个答案:

答案 0 :(得分:2)

身份验证和帐户之间的区别

身份验证  -此模块界面验证使用。例如,它请求并验证密码的有效性。具有此接口的模块还可以设置凭据,例如组成员身份或Kerberos票证。

帐户-  该模块接口验证是否允许访问。例如,它检查用户帐户是否已过期或是否允许用户在一天的特定时间登录。

  

要回答是否可以互换的问题,

     

示例:       用户'Adam'尝试登录并且设置了身份验证和帐户接口,然后接口'account'将检查'Adam'是否具有权限和   是否登录的特权,如果是,则接口“ auth”将检查   输入的密码是否正确。

Pam Manual can be followed by typing 'man pam' on terminal -- shown below

   account - provide account verification types of service: has the user's password expired?; is
   this user permitted access to the requested service?

   authentication - authenticate a user and set up user credentials. Typically this is via some
   challenge-response request that the user must satisfy: if you are who you claim to be please
   enter your password. Not all authentications are of this type, there exist hardware based
   authentication schemes (such as the use of smart-cards and biometric devices), with suitable
   modules, these may be substituted seamlessly for more standard approaches to authentication -
   such is the flexibility of Linux-PAM.