<HTML ><HEAD ><TITLE > User Authentication HOWTO </TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="NEXT" TITLE=" Introduction " HREF="x40.html"><META NAME="KEYWORD" CONTENT="User Authentication"><META NAME="KEYWORD" CONTENT="user"><META NAME="KEYWORD" CONTENT="password"><META NAME="KEYWORD" CONTENT="PAM"><META NAME="KEYWORD" CONTENT="NIS"><META NAME="KEYWORD" CONTENT="/etc/passwd"><META NAME="KEYWORD" CONTENT="/etc/shadow"><META NAME="KEYWORD" CONTENT="/etc/group"><META NAME="KEYWORD" CONTENT="/etc/gshadow"></HEAD ><BODY CLASS="ARTICLE" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="ARTICLE" ><DIV CLASS="TITLEPAGE" ><H1 CLASS="TITLE" ><A NAME="AEN2" ></A >User Authentication HOWTO</H1 ><H3 CLASS="AUTHOR" ><A NAME="AEN4" >Peter Hernberg</A ></H3 ><P CLASS="OTHERCREDIT" ><B >Floris Lambrechts - </B ><SPAN CLASS="CONTRIB" > Language changes, various small fixes (v0.8). </SPAN ></P ><P CLASS="PUBDATE" > 2000-05-02 <BR></P ><DIV CLASS="REVHISTORY" ><TABLE WIDTH="100%" BORDER="0" ><TR ><TH ALIGN="LEFT" VALIGN="TOP" COLSPAN="3" ><B >Revision History</B ></TH ></TR ><TR ><TD ALIGN="LEFT" >Revision 0.8</TD ><TD ALIGN="LEFT" >2003-02-20</TD ><TD ALIGN="LEFT" >Revised by: fl</TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >language changes, various small fixes</TD ></TR ><TR ><TD ALIGN="LEFT" >Revision 0.5</TD ><TD ALIGN="LEFT" >2000-05-15</TD ><TD ALIGN="LEFT" >Revised by: ph</TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >added section on securing pam, added resources section</TD ></TR ><TR ><TD ALIGN="LEFT" >Revision 0.1</TD ><TD ALIGN="LEFT" >2000-05-02</TD ><TD ALIGN="LEFT" >Revised by: ph</TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >initial version</TD ></TR ></TABLE ></DIV ><DIV ><DIV CLASS="ABSTRACT" ><A NAME="AEN7" ></A ><P ></P ><P > Explains how user and group information is stored and how users are authenticated on a Linux system (PAM), and how to secure you system's user authentication. </P ><P ></P ></DIV ></DIV ><HR></DIV ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >1. <A HREF="x40.html" >Introduction</A ></DT ><DD ><DL ><DT >1.1. <A HREF="x40.html#AEN42" >How this document came to be</A ></DT ><DT >1.2. <A HREF="x40.html#AEN45" >New versions</A ></DT ><DT >1.3. <A HREF="x40.html#AEN48" >Feedback</A ></DT ><DT >1.4. <A HREF="x40.html#AEN51" >Copyrights and Trademarks</A ></DT ><DT >1.5. <A HREF="x40.html#AEN64" >Acknowledgements and Thanks</A ></DT ><DT >1.6. <A HREF="x40.html#AEN68" >Assumptions about the reader</A ></DT ></DL ></DD ><DT >2. <A HREF="x71.html" >How User Information is Stored on Your System</A ></DT ><DD ><DL ><DT >2.1. <A HREF="x71.html#AEN73" ><TT CLASS="FILENAME" >/etc/passwd</TT ></A ></DT ><DT >2.2. <A HREF="x71.html#AEN81" >Shadow passwords</A ></DT ><DT >2.3. <A HREF="x71.html#AEN95" ><TT CLASS="FILENAME" >/etc/group</TT > and <TT CLASS="FILENAME" >/etc/gshadow</TT ></A ></DT ><DT >2.4. <A HREF="x71.html#AEN106" >MD5 encrypted passwords</A ></DT ><DT >2.5. <A HREF="x71.html#AEN109" >Sifting through the mess</A ></DT ></DL ></DD ><DT >3. <A HREF="x115.html" >PAM (Pluggable Authentication Modules)</A ></DT ><DD ><DL ><DT >3.1. <A HREF="x115.html#AEN118" >Why</A ></DT ><DT >3.2. <A HREF="x115.html#AEN127" >What</A ></DT ><DT >3.3. <A HREF="x115.html#AEN153" >How</A ></DT ><DT >3.4. <A HREF="x115.html#AEN259" >Getting more information</A ></DT ></DL ></DD ><DT >4. <A HREF="x263.html" >Securing User Authentication</A ></DT ><DD ><DL ><DT >4.1. <A HREF="x263.html#AEN266" >A strong <TT CLASS="FILENAME" >/etc/pam.d/other</TT ></A ></DT ><DT >4.2. <A HREF="x263.html#AEN295" >Disabling logins for user with null passwords</A ></DT ><DT >4.3. <A HREF="x263.html#AEN302" >Disable unused services</A ></DT ><DT >4.4. <A HREF="x263.html#AEN307" >Password-cracking tools</A ></DT ><DT >4.5. <A HREF="x263.html#AEN312" >Shadow and MD5 passwords</A ></DT ></DL ></DD ><DT >5. <A HREF="x316.html" >Tying it all together</A ></DT ><DD ><DL ><DT >5.1. <A HREF="x316.html#AEN319" >Apache + mod_auth_pam</A ></DT ><DT >5.2. <A HREF="x316.html#AEN322" >Our example</A ></DT ><DT >5.3. <A HREF="x316.html#AEN326" >Installing mod_auth_pam</A ></DT ><DT >5.4. <A HREF="x316.html#AEN343" >Configuring PAM</A ></DT ><DT >5.5. <A HREF="x316.html#AEN360" >Configuring Apache</A ></DT ><DT >5.6. <A HREF="x316.html#AEN373" >Testing our setup</A ></DT ></DL ></DD ><DT >6. <A HREF="x376.html" >Resources</A ></DT ><DD ><DL ><DT >6.1. <A HREF="x376.html#AEN380" >PAM</A ></DT ><DT >6.2. <A HREF="x376.html#AEN392" >General Security</A ></DT ><DT >6.3. <A HREF="x376.html#AEN407" >Offline Documentation</A ></DT ></DL ></DD ><DT >7. <A HREF="x437.html" >Conclusion</A ></DT ></DL ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="x40.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Introduction</TD ></TR ></TABLE ></DIV ></BODY ></HTML >