PAM认证模块-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

PAM认证模块

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:05 PM

lddpamyesServeCheckmoduleprogramcompileCertificationpass

通过ldd查看服务程序在编译时是否使用了libpam.so，决定服务程序是否支持PAM 认证。具体的pam文件放在/lib/security目录下，服务文件放在/etc/pam.d目录下 Pluggable Authentication Modules for Linux 可插拨认证模块当用户访问服务器，服务程序将请求

　通过ldd查看服务程序在编译时是否使用了libpam.so，决定服务程序是否支持PAM认证。具体的pam文件放在/lib/security目录下，服务文件放在/etc/pam.d目录下

Pluggable Authentication Modules for Linux 可插拨认证模块
当用户访问服务器，服务程序将请求发送到PAM模块，PAM模块根据服务名称在/etc/pam.d目录下选择一个对应的服务文件，最后根据服务文件的内容选择具体的PAM模块进行处理。

通过ldd查看服务程序在编译时是否使用了libpam.so，决定服务程序是否支持PAM认证。
具体的pam文件放在/lib/security目录下，服务文件放在/etc/pam.d目录下

PAM服务文件格式
eg:
auth        required   pam_security.so
auth        required   pam_stack.so service=system-auth
service表示调用子服务文件

Module-type：
       auth              检查用户和密码，分配权限
       account           检查账号是否过期，是否有权登录
       session           从用户登录成功到退出的会话控制
       password          控制用户改密码的过程
control-flag:
       required          要求矣须通过，否则结束退出
       requisite         如果不通过还可继续向下认证，后面有一通过即可。
       sufficient        通过则不需要向下认证
       optional          可选项

常用PAM服务文件
login       -------/etc/pam.d/login
ipop3d      -------/etc/pam.d/pop
vsftpd      -------/etc/pam.d/ftp（编译安装）或/etc/pam.d/vsftpd（rpm安装）
sshd        -------/etc/pam.d/sshd
su          -------/etc/pam.d/su
imap        -------/etc/pam.d/imap

/lib/security目录下，各个pam模块的作用，可参考/usr/share/doc/pam-0.99.3.0下的帮助文件。
相同类型Module-type组成一个堆栈。

常用PAM模块
pam_access.so            控制访问者地址与账号名称
pam_listfile.so          控制访问者的账号名称或登录位置
pam_limits.so            控制为用户分配的资源
pam_rootok.so            对管理员(uid=0)无条件允许通过
pam_userdb.so            设定独立用户账号数据库认证

pam_access.so模块的使用―――控制访问sshd服务的主机和用户
1.修改需使用这个模块的服务文件，如sshd:   /etc/pam.d/sshd添加
account   required   pam_access.so
2.修改模块的配置文件
/etc/security/access.conf
- : redhat : ALL EXCEPT 192.168.0.            （格式）
3.测试
ssh redhat@192.168.0.22
ssh redhat@127.0.0.1
pam_access.so根据主机、IP、用户、拒绝或允许访问。

pam_listfile.so的应用 (比pam_access.so更加详细控制)
1.首先查看它的帮助文件，看它的具体格式，参数如何
#less /usr/share/doc/pam-0.99.3.0/txts/README.pam_listfile
item        user,tty,group         说明列表文件中的内容
sense       allow,deny             拒绝或允许文件中的用户
file                               指定一个文件，内容根据item项来添加
onerr       succeed,fail           当模块本身产生错误时，返回的值，如无法打开file指定的文件，一般设为succeed
2.将模块应用到sshd服务
将上面添加的pam_access.so清掉，然后在/etc/pam.d/sshd中添加（第一行）
auth required   pam_listfile.so   item=user   sense=deny     file=/etc/denyuser onerr=succeed
注意添加的位置顺序，否则看不到效果
3.创建编缉列表文件
#echo “redhat” >/etc/denyuser
4.测试
#ssh -l redhat 192.168.0.22   失败
#ssh -l chinaitlab 192.168.0.22 成功

#w   显示已登录的用户及最近的一次操作

pam_limits.so的应用
1.查看帮助文件，确认它的配置文件位置，参数模式
#less /usr/share/doc/pam-0.99.3.0/txt/README.pam_limits

         用户名或组名
           soft软限制
                 hard硬限制（不能达到的）
           限制的内容，fsize文件大小，nproc最大进程数，maxlogins用户登录次数
2.将模块应用到sshd服务，修改服务文件
#vi /etc/pam.d/sshd 添加：
session required pam_limits.so
session          控制用户进程的登录次数，文件大小，通过控制用户的会话进程来限制用户使用的资源
3.编缉pam_limits.so的配置文件/etc/security/limits.conf
redhat hard     maxlogins    2
限制redhat登录到sshd服务的次数,不能达到2。
4.测试
#ssh -l redhat 192.168.0.22   第1个
#ssh -l redhat 192.168.0.22   第2个
表示同时最多可以有1个redhat用户登录

pam_rootok.so的应用
#chfn            改变用户的finger信息
普通用户使用这个命令修改信息时，需要输入密码才能使用，而root用户则不需要。
分析：
#more /etc/pam.d/chfn
第一行为auth sufficient pam_rootok.so
因为chfn的pam服务文件的第一行应用了pam_rootok.so模块，所以当root用户使用chfn时不需验证，不需要再往下，直接通过。

pam_userdb.so模块需要一个db数据库储存用户信息，具体如何使用可参考前面的vsftpd虚拟用户。

在使用PAM模块时，注意参考README.pam帮助。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Explain the InnoDB Buffer Pool and its importance for performance.Apr 19, 2025 am 12:24 AM

InnoDBBufferPool reduces disk I/O by caching data and indexing pages, improving database performance. Its working principle includes: 1. Data reading: Read data from BufferPool; 2. Data writing: After modifying the data, write to BufferPool and refresh it to disk regularly; 3. Cache management: Use the LRU algorithm to manage cache pages; 4. Reading mechanism: Load adjacent data pages in advance. By sizing the BufferPool and using multiple instances, database performance can be optimized.

MySQL vs. Other Programming Languages: A ComparisonApr 19, 2025 am 12:22 AM

Compared with other programming languages, MySQL is mainly used to store and manage data, while other languages such as Python, Java, and C are used for logical processing and application development. MySQL is known for its high performance, scalability and cross-platform support, suitable for data management needs, while other languages have advantages in their respective fields such as data analytics, enterprise applications, and system programming.

Learning MySQL: A Step-by-Step Guide for New UsersApr 19, 2025 am 12:19 AM

MySQL is worth learning because it is a powerful open source database management system suitable for data storage, management and analysis. 1) MySQL is a relational database that uses SQL to operate data and is suitable for structured data management. 2) The SQL language is the key to interacting with MySQL and supports CRUD operations. 3) The working principle of MySQL includes client/server architecture, storage engine and query optimizer. 4) Basic usage includes creating databases and tables, and advanced usage involves joining tables using JOIN. 5) Common errors include syntax errors and permission issues, and debugging skills include checking syntax and using EXPLAIN commands. 6) Performance optimization involves the use of indexes, optimization of SQL statements and regular maintenance of databases.

MySQL: Essential Skills for Beginners to MasterApr 18, 2025 am 12:24 AM

MySQL is suitable for beginners to learn database skills. 1. Install MySQL server and client tools. 2. Understand basic SQL queries, such as SELECT. 3. Master data operations: create tables, insert, update, and delete data. 4. Learn advanced skills: subquery and window functions. 5. Debugging and optimization: Check syntax, use indexes, avoid SELECT*, and use LIMIT.

MySQL: Structured Data and Relational DatabasesApr 18, 2025 am 12:22 AM

MySQL efficiently manages structured data through table structure and SQL query, and implements inter-table relationships through foreign keys. 1. Define the data format and type when creating a table. 2. Use foreign keys to establish relationships between tables. 3. Improve performance through indexing and query optimization. 4. Regularly backup and monitor databases to ensure data security and performance optimization.

MySQL: Key Features and Capabilities ExplainedApr 18, 2025 am 12:17 AM

MySQL is an open source relational database management system that is widely used in Web development. Its key features include: 1. Supports multiple storage engines, such as InnoDB and MyISAM, suitable for different scenarios; 2. Provides master-slave replication functions to facilitate load balancing and data backup; 3. Improve query efficiency through query optimization and index use.

The Purpose of SQL: Interacting with MySQL DatabasesApr 18, 2025 am 12:12 AM

SQL is used to interact with MySQL database to realize data addition, deletion, modification, inspection and database design. 1) SQL performs data operations through SELECT, INSERT, UPDATE, DELETE statements; 2) Use CREATE, ALTER, DROP statements for database design and management; 3) Complex queries and data analysis are implemented through SQL to improve business decision-making efficiency.

MySQL for Beginners: Getting Started with Database ManagementApr 18, 2025 am 12:10 AM

The basic operations of MySQL include creating databases, tables, and using SQL to perform CRUD operations on data. 1. Create a database: CREATEDATABASEmy_first_db; 2. Create a table: CREATETABLEbooks(idINTAUTO_INCREMENTPRIMARYKEY, titleVARCHAR(100)NOTNULL, authorVARCHAR(100)NOTNULL, published_yearINT); 3. Insert data: INSERTINTObooks(title, author, published_year)VA

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

3 weeks agoByDDD

Saving in R.E.P.O. Explained (And Save Files)

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

4 weeks agoByDDD

Hot Tools

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.