Specifications

Red Hat Enterprise Linux to Oracle Solaris Porting Guide
Chapter 9 Infrastructure Differences
Most enterprise applications have a great deal in common, no matter what the application does or
who uses it. Almost every enterprise application requires services such as authentication, logging,
persistence, security, and so on. In most applications, each service is either developed by the
application developer, or reused after customizing the offerings provided by different vendors, or
implemented by leveraging the frameworks provided by the operating system.
Applications developed using a framework are interoperable with market standards. Generally, a
framework provided by the operating system ensures conformance with the standards, maintainability,
and upgradability as well as availability across multiple platforms at lower cost. Software is all about
reusability and adapting to change. A framework provides the certainty that you are developing an
application that is in full compliance with the business rules, that is structured, and that is portable,
maintainable, and upgradable with changing business rules and compliance requirements.
In short, if instead of having a custom-built implementation, your application uses a framework
provided by the operating system, for example, a security framework, file system framework,
cryptographic framework, or hot-plug framework, migration from one platform to another becomes
simple. Most frameworks available on RHEL are available on Oracle Solaris 11 and maintain similar,
if not the same, interfaces.
This chapter is intended for developers of system-entry applications that provide authentication,
account management, session management, and password management through Pluggable
Authentication Module (PAM) modules. The goal of this chapter is to describe differences in
implementation and things to consider while migrating an application from RHEL to Oracle Solaris 11.
Pluggable Authentication Module (PAM)
PAM provides system-entry applications with authentication and related security services for managing
accounts, sessions, and passwords. Applications such as login, rlogin, and telnet are typical
consumers of PAM services. The framework provides a uniform way for authentication-related
activities to take place. This approach enables application developers to use PAM services without
having to know the semantics of the policy. Algorithms are centrally supplied and can be modified
independently of individual applications.
The PAM library libpam(3LIB) is the central element in the PAM architecture. It exports an API,
pam(3PAM), that applications can call for authentication, account management, credential
establishment, session management, and password changes. The libpam library imports a master
configuration file, pam.conf, that specifies the PAM module requirements for each available service.
It also imports a Service Provider Interface (SPI), pam_sm(3PAM), which is exported by the service
modules.
RHEL and Oracle Solaris 11 provide similar PAM infrastructures. Though similar functionality is
available on both platforms, there are subtle differences in the two implementations.
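
The following is an added example, not code from this guide: a small C checker that reads pam.conf-style entries and reports, for one service and module type, whether the service has its own stack or inherits the `other` default. This is worth confirming when a service name is carried over from RHEL. It assumes the five-field entry layout and the `other` default service described in pam.conf(4); the service name `myapp` and the sample entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample entries ("myapp" is a hypothetical service name). */
static const char SAMPLE_CONF[] =
    "# service  type     control   module\n"
    "myapp      auth     required  pam_unix_auth.so.1\n"
    "other      auth     required  pam_unix_auth.so.1\n"
    "other      account  required  pam_unix_account.so.1\n"
    "other      session  required  pam_unix_session.so.1\n";

/* One entry: service module_type control_flag module_path [options] */
struct pam_entry { char service[32], type[16], control[32], module[128]; };

/* Parse one line; 1 = valid entry, 0 = blank, comment or malformed. */
int parse_pam_line(const char *line, struct pam_entry *e)
{
    static const char *types[] = { "auth", "account", "session", "password" };
    while (*line == ' ' || *line == '\t') line++;
    if (*line == '#') return 0;
    if (sscanf(line, "%31s %15s %31s %127s",
               e->service, e->type, e->control, e->module) != 4) return 0;
    for (size_t i = 0; i < 4; i++)
        if (strcmp(e->type, types[i]) == 0) return 1;
    return 0; /* unknown module type */
}

/* Which entries answer (service, type)?
 * 1 = the service's own, 2 = inherited from "other", 0 = no entry at all. */
int stack_source(const char *conf, const char *service, const char *type)
{
    char line[256];
    struct pam_entry e;
    int other = 0;
    while (*conf) {
        size_t n = strcspn(conf, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, conf, c); line[c] = '\0';
        conf += n + (conf[n] == '\n');
        if (!parse_pam_line(line, &e) || strcmp(e.type, type) != 0) continue;
        if (strcmp(e.service, service) == 0) return 1;
        if (strcmp(e.service, "other") == 0) other = 1;
    }
    return other ? 2 : 0;
}

int main(void)
{
    printf("myapp account -> %d\n", stack_source(SAMPLE_CONF, "myapp", "account"));
    return 0;
}
```

In the sample, `myapp` defines only an `auth` stack, so its account and session checks come from `other` and no password stack is configured at all.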