For general applications that wish to use the services provided by Linux-PAM the following is a summary of the relevant linking information:
#include <security/pam_appl.h>
cc -o application .... -lpam -ldl
In addition to libpam
, there is a library of miscellaneous
functions that make the job of writing PAM-aware applications
easier (this library is not covered in the DCE-RFC for PAM and is
specific to the Linux-PAM distribution):
...
#include <security/pam_misc.h>
cc -o application .... -lpam -lpam_misc -ldl
Linux-PAM (Pluggable Authentication Modules for Linux) is a library that enables the local system administrator to choose how individual applications authenticate users. For an overview of the Linux-PAM library see the Linux-PAM System Administrators' Guide.
It is the purpose of the Linux-PAM project to liberate the development of privilege granting software from the development of secure and appropriate authentication schemes. This is accomplished by providing a documented library of functions that an application may use for all forms of user authentication management. This library dynamically loads locally configured authentication modules that actually perform the authentication tasks.
From the perspective of an application developer the information contained in the local configuration of the PAM library should not be important. Indeed it is intended that an application treat the functions documented here as a ``black box'' that will deal with all aspects of user authentication. ``All aspects'' includes user verification, account management, session initialization/termination and also the resetting of passwords (authentication tokens).