[Figure: PAM and NSS architecture]

PAM:
  Application services: login, su, … application …
  PAM Library: reads /etc/pam.conf to see which authentication module to use
  Authentication modules: PAM_UNIX, PAM_LDAP, PAM_Kerberos, …

NSS:
  APIs to access user/system information: getpwnam(), getgrnam(), …
  NSS Engine: reads /etc/nsswitch.conf to decide which name service module to use
  Name service modules: NSS_FILES, NSS_NIS, NSS_LDAP, …
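
As an added illustration (not part of the original document), the sketch below parses nsswitch.conf syntax and lists which name service modules the NSS engine would try, in order, for a name that no source knows. The sample file contents and the function names are constructed for this example; the module labels follow the diagram's NSS_<SOURCE> naming.

```python
import re

# Constructed sample in nsswitch.conf syntax (not taken from the page).
SAMPLE_NSSWITCH = """\
passwd:   files ldap
group:    files [NOTFOUND=return] nis
hosts:    files dns   # trailing comment
"""
STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]} in lookup order."""
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or ":" not in line:
            continue
        database, rest = line.split(":", 1)
        sources = []
        # A token is either a source name or a bracketed criteria list.
        for token in re.findall(r"\[[^\]]*\]|\S+", rest):
            if not token.startswith("["):
                sources.append((token.lower(), {}))
                continue
            if not sources:
                raise ValueError(f"criteria before any source: {raw!r}")
            for item in token[1:-1].split():
                status, _, action = item.partition("=")
                name = status.lstrip("!").upper()
                # "!STATUS=action" applies the action to every other status.
                hit = [s for s in STATUSES if s != name] if status.startswith("!") else [name]
                for s in hit:
                    sources[-1][1][s] = action.lower()
        config[database.strip().lower()] = sources
    return config

def tried_on_miss(config, database):
    """Modules consulted, in order, when every source answers NOTFOUND.

    A source tagged NOTFOUND=return ends the search, so later modules
    are never asked about a name that source does not know.
    """
    order = []
    for source, criteria in config.get(database, []):
        order.append("NSS_" + source.upper())
        if criteria.get("NOTFOUND") == "return":
            break
    return order

if __name__ == "__main__":
    for db, _ in parse_nsswitch(SAMPLE_NSSWITCH).items():
        print(db, "->", tried_on_miss(parse_nsswitch(SAMPLE_NSSWITCH), db))
```

Reviewing this order for passwd and group shows at a glance whether local files or a network directory answers first for account lookups.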
Windows 2000
The following two primary Windows 2000 features, built on top of existing industry standards, improve Windows 2000’s capability to interoperate with UNIX platforms:
Active Directory (AD):
This is an LDAP-based directory which Windows 2000 uses to store all its data. LDAP is an open Internet standard. The support of LDAP allows Windows 2000 to interoperate with other vendors’ LDAP directory-enabled applications.
Kerberos Services:
Kerberos is the primary authentication method for Microsoft clients connecting to Windows 2000 server. Kerberos is an industry standard for network security. With the support of Kerberos authentication, Windows 2000 is able to authenticate Kerberos clients regardless of what platforms the clients reside on.
Active Directory and Kerberos are integrated seamlessly in the Windows 2000 operating system. Active Directory domain controllers are automatically configured to provide Kerberos with authentication services, and by default, all Windows 2000 computers are configured to operate as Kerberos clients.
Services for UNIX (SFU):