BSDCan 2016
The Technical BSD Conference
Speakers | |
---|---|
Michael W. Lucas | |

Schedule | |
---|---|
Day | Talks #1 - 10 June - 2016-06-10 |
Room | DMS 1110 |
Start time | 14:45 |
Duration | 01:00 |

Info | |
---|---|
ID | 679 |
Event type | Lecture |
Track | System Administration |
Language used for presentation | English |

OpenPAM and BSD
Pluggable Authentication Modules, or PAM, are the closest thing sysadmins have to black magic. The configuration language is baffling, the rules perplexing, and the end result is people not understanding how their authentication works.
This talk is a crash course in the OpenPAM implementation used by most BSD variants. We'll cover how PAM works and how to implement common scenarios like two-factor authentication and optional authentication methods. We'll then discuss useful PAM modules, both common ones that ship with OpenPAM and add-on packages. You'll learn how to use your SSH agent for more than SSH, implement hardware token authentication, Google Authenticator, lock accounts that fail to authenticate, authenticate any application against a list of permitted users, and more.
We'll also go through debugging PAM problems and ensuring that your PAM setup not only does what you want it to do, but doesn't allow access you didn't intend.