Book Review: PAM Mastery

Category: Reviews. Last updated May 19, 2017

Linux, FreeBSD, and Unix-like systems are multi-user and need some way of authenticating individual users. Back in the old days, this was done in different ways. You needed to change each Unix application to use a different authentication scheme. Authentication schemes also differed between variants of Unix. Porting was a nightmare. For example, to use Windows Server (Active Directory) or LDAP for authentication, you needed to make changes to each application. Each application had its own way of authenticating users. So the Open Group led to the development of PAM for Unix-like systems. Today Linux, FreeBSD, Mac OS X and many other Unix-like systems are configured to use a centralized authentication mechanism called Pluggable Authentication Modules (PAM). The book “PAM Mastery” deals with the black magic of PAM.

The book starts with the basic concepts of PAM and authentication. You learn about Multi-Factor Authentication and why to use PAM instead of changing each program to authenticate the user. The author goes into great detail about why PAM is useful for developers and sysadmins. The examples cover CentOS Linux (RHEL and clones), Debian Linux, and FreeBSD.

I like the way the author described PAM configuration files and common modules that cover everyday scenarios for the sysadmin. The PAM configuration file format and PAM module interfaces are discussed in easy-to-understand language. Control flags in PAM can be very confusing for new sysadmins. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module is.
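To make the effect of control flags concrete, here is an added example (not taken from the book or from this review) that models how a stack is walked, following the flag descriptions in pam.conf(5). The two sample stacks and the boolean module results are constructed for illustration; the module names are standard Linux-PAM modules.

```python
# Simplified model of how Linux-PAM walks a module stack (added example).
# Real modules are not called; each entry carries a constructed result.

def evaluate_stack(stack):
    """stack: list of (control_flag, module, succeeded). Returns (granted, called)."""
    granted = None                      # None = no module has contributed yet
    called = []
    for flag, module, ok in stack:
        called.append(module)
        if flag == "required":
            if not ok:
                granted = False         # remember the failure, keep going
            elif granted is None:
                granted = True
        elif flag == "requisite":
            if not ok:
                return False, called    # fail and stop immediately
            if granted is None:
                granted = True
        elif flag == "sufficient":
            if ok and granted is not False:
                return True, called     # success ends the stack early
            # a failing sufficient module is ignored
        elif flag == "optional":
            if ok and granted is None:
                granted = True          # a failing optional module is ignored
        else:
            raise ValueError(f"unknown control flag: {flag}")
    # Assumption of this model: a stack in which nothing succeeded is denied.
    return bool(granted), called

def weak_mfa(password_ok, totp_ok):
    """Constructed stack: 'sufficient' lets either factor alone grant access."""
    return [("sufficient", "pam_unix.so", password_ok),
            ("sufficient", "pam_google_authenticator.so", totp_ok),
            ("required", "pam_deny.so", False)]

def strict_mfa(password_ok, totp_ok):
    """Constructed stack: both factors must pass; a bad password stops early."""
    return [("requisite", "pam_unix.so", password_ok),
            ("required", "pam_google_authenticator.so", totp_ok)]

if __name__ == "__main__":
    for pw, totp in [(True, False), (False, True), (True, True)]:
        print(pw, totp, evaluate_stack(weak_mfa(pw, totp)),
              evaluate_stack(strict_mfa(pw, totp)))
```

With the `sufficient` stack a correct password alone is accepted and the TOTP module is never consulted, which is the usual way a multi-factor setup silently degrades to single-factor.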

I like the chapter about popular Linux PAM modules and debugging a lot. Granting or denying access to a user based on a text file is another good use case for PAM.

There is also a chapter about using one-time passwords (Google Authenticator) for your application. The algorithm used for the one-time password in the Google Authenticator app is known as the Time-based One-Time Password (TOTP) algorithm. You can use TOTP for ssh and desktop login too.

The final chapter is all about enforcing good password policies for users and apps using PAM.

PAM has been adapted to work with a variety of Unix distributions including Linux, FreeBSD, Mac OS X and more. Sysadmins will find this book useful as it covers a common authentication scheme that can be used with a wide variety of applications on Unix. You will master PAM topics and take control over authentication for your organization's IT infrastructure. If you are a Linux or Unix sysadmin, I would highly recommend this book. Once again Michael W Lucas nailed it. The only book you may need for PAM deployment.

Book Info:

* Title: PAM Mastery (IT Mastery Book 10)
* Author: Michael W. Lucas.
* Publisher: Tilted Windmill Press.
* Length: 183 pages.
* Target: Professional system administrators or hobbyists interested in FreeBSD/CentOS/RHEL/Debian Linux systems.
* Rating: 4.5/5
* Disclaimer: Tilted Windmill Press sent us a review copy.
* Purchase online at Amazon (Kindle Edition).

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.