[ale] pam vs. shadow passwords

Michael H. Warfield mhw at wittsend.com
Tue Feb 2 10:20:58 EST 1999


Lisa Chiang enscribed thusly:
> Can anyone explain the difference between these two methods?

> I know that Redhat uses pam to control access to xdm etc... but where is the
> Suse equivalent? Does pam create encrypted user passwords like shadow or are
> they mutually exclusive?

	PAM, or plugable authentication modules, is a way to "plug-in" or
change authentication systems without recompiling programs.  PAM itself
is merely an archetecture on which to hang things like NIS, NIS+, Kerberos,
and Shadow Passwords.  The idea then is that if you want to change your
authentication method from standard passwords to shadow passwords, you
convert your files and the reconfigure the pam modules.  All of your
"pamified" applications then automagically start using the new authentication
method.  Shadow passwords are only one of those methods...  So you could say
that shadow passwords are a subset or a service of PAM.   You can also have
applications with something like shadow passwords hard linked, but then
you can't switch without replacing libraries or recompiling apps.

> Thanks.
> 
> --
> Lisa Chiang
> Georgia Institute of Technology
> gt6492d at gatech.campuscwix.net
> 


-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!






More information about the Ale mailing list