| < Previous PageNext Page > | |
|
|
|
|
|
|
User authentication is implemented using Pluggable Authentication Modules (PAM). During the device boot sequence, the realmlogin script loads the login program, which loads the PAM libraries. PAM initiates authentication by loading the PAM modules.
You configure these PAM modules to modify the order of the authentication sequence, the required authentication tokens, and the types of authentication modules required for a successful login. For example, you might want to modify the authentication sequence to bypass the username/password authentication and use only fingerprint authentication. Or, you may not want to utilize the fingerprint scanner at all for authentication.
To modify the authentication sequence, edit the etc/pam.d/ realm-mps file. After you modify the PAM files, you deploy them in a package that must be created after the modification.
The default realm-mps configuration file looks like:
| //Default realm-mps configuration file for user authentication sequence | |
| #%PAM-1.0 | // the version of PAM |
| auth required pam_thumbprint.so | // prompts the user for a fingerprint, then checks the fingerprint against the fingerprint // database located at /etc/tpsdb |
| account required pam_unix.so | // performs any necessary account verification, such as checking whether an account // or password has expired |
As shown above, the realm-mps file uses components from two PAM configuration modules:
For more information on PAM modules and parameters, refer to The Linux-PAM Administrator's Guide at: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html , or use the Third-party documentation link in the left-pane of the SDK Table of Contents.
Note: Any application you create that needs authentication information must use the PAM library to obtain needed credentials.
|
| |
|
| |
| < Previous PageNext Page > | |
|
|
|
|
Copyright © Realm Systems, Inc. 2003-2005.
All rights reserved. |