Pluggable Authentication Modules (PAM)

You can configure the Reflection for Secure IT server to use Pluggable Authentication Modules (PAM) in combination with keyboard interactive authentication. PAM employs runtime pluggable modules that provide authentication-related services. These modules are divided into four categories: authentication, account management, session management, and password management.

When PAM is configured, Reflection for Secure IT transfers control of authentication to the PAM library. The PAM library loads the modules specified in the PAM configuration file, and the PAM library prompts Reflection for Secure IT to confirm successful authentication.

The following server keywords configure PAM authentication on the server.

Server keyword

Configuration information

AuthKbdInt.Required

To use PAM for authentication and password management:

AuthKbdInt.Required=pam

 

AccountManagement

To use PAM for account management:

AccountManagement=pam

 

UsePamSessions

To use PAM for session management:

UsePamSessions=yes

 

PamServiceName

To specify the name of the PAM service. The default is:

PamServiceName=ssh

 

PamServiceNameForInternal
Processes

To specify a PAM service to be used for internal processes. For example:

PamServiceNameForInternalProcesses ssh-shell

 

PamServiceNameForSubsystems

To specify a PAM service to be used for subsystems. For example:

PAMServiceNameforSubsystems sftp ssh-sftp

 

Related Topics

Configure PAM Authentication

Configure Keyboard Interactive Authentication