From owner-freebsd-isp  Sat Dec 29 11:50:31 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83])
	by hub.freebsd.org (Postfix) with ESMTP id 53FD237B41E
	for <freebsd-isp@FreeBSD.ORG>; Sat, 29 Dec 2001 11:50:05 -0800 (PST)
Received: from localhost (nick@localhost)
	by cody.jharris.com (8.11.1/8.9.3) with ESMTP id fBTJo3P24819;
	Sat, 29 Dec 2001 13:50:03 -0600 (CST)
	(envelope-from nick@rogness.net)
Date: Sat, 29 Dec 2001 13:50:02 -0600 (CST)
From: Nick Rogness <nick@rogness.net>
X-Sender: nick@cody.jharris.com
To: Noah Davidson <Noah@oopz.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: PAM
In-Reply-To: <A6A82340FB3DB643A0678E3B10CD5AC10297B7@xela.oopz.com>
Message-ID: <Pine.BSF.4.21.0112291337540.13502-100000@cody.jharris.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

On Fri, 28 Dec 2001, Noah Davidson wrote:

> I have been reading about PAM.  I am completely confused how PAM can
> authenticate users.  We now have users in the standard Unix password
> file.  The server that I am looking into implementing this on is a
> sendmail server.  the biggest question is how can the users
> authenticate?  Does PAM authenticate the users, or does PAM use
> something else to actually authenticate like mysql.  Can someone
> please help me, also can someone point me somewhere I can get this
> kind of information?

	PAM by itself can not authenticate users.  The Application must
	make a call to PAM for authentication and look at the response to
	see if it is successfull.  It kinda works like this:

	1) Application sends authentication request to PAM (including
	   username/password/etc)

	2) A PAM module, configured in /etc/pam.conf for the app, tries to
	   authenticate them using the method specified for the module, eg
	   pam_mysql.so uses MySQL, pam_unix.so uses unix password file, 
	   etc.

	3) If the PAM module (in above step) is successful, it returns
	   PAM_SUCCESS flag back to the application.  Otherwise it returns
	   a PAM error.

	4) The application must look at the returned flag to see if it is
	   PAM_SUCCESS or error and take appropriate action.


	For more information checkout:

	http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/


Nick Rogness <nick@rogness.net>
 - Don't mind me...I'm just sniffing your packets


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message