User Authentication HOWTO

Peter Hernberg

Floris Lambrechts - Language changes, various small fixes (v0.8).

2000-05-02

Revision History
Revision 0.9    2004-04-03    Revised by: fl
updated external links
Revision 0.8    2003-02-20    Revised by: fl
language changes, various small fixes
Revision 0.5    2000-05-15    Revised by: ph
added section on securing pam, added resources section
Revision 0.1    2000-05-02    Revised by: ph
initial version

Explains how user and group information is stored and how users are authenticated on a Linux system (PAM), and how to secure your system's user authentication.


Table of Contents
1. Introduction
1.1. How this document came to be
1.2. New versions
1.3. Feedback
1.4. Copyrights and Trademarks
1.5. Acknowledgements and Thanks
1.6. Assumptions about the reader
2. How User Information is Stored on Your System
2.1. /etc/passwd
2.2. Shadow passwords
2.3. /etc/group and /etc/gshadow
2.4. MD5 encrypted passwords
2.5. Sifting through the mess
3. PAM (Pluggable Authentication Modules)
3.1. Why
3.2. What
3.3. How
3.4. Getting more information
4. Securing User Authentication
4.1. A strong /etc/pam.d/other
4.2. Disabling logins for user with null passwords
4.3. Disable unused services
4.4. Password-cracking tools
4.5. Shadow and MD5 passwords
5. Tying it all together
5.1. Apache + mod_auth_pam
5.2. Our example
5.3. Installing mod_auth_pam
5.4. Configuring PAM
5.5. Configuring Apache
5.6. Testing our setup
6. Resources
6.1. PAM
6.2. General Security
6.3. Offline Documentation
7. Conclusion