nerdexam
GIAC

GCIH · Question #660

What can be used to link UNIX authentication with other mechanisms?

The correct answer is B. PAM. PAM (Pluggable Authentication Modules) is the standard UNIX framework for linking authentication with external mechanisms such as LDAP, Kerberos, and OTP systems.

Vulnerability Exploitation & Privilege Escalation

Question

What can be used to link UNIX authentication with other mechanisms?

Options

  • ASYSKEY
  • BPAM
  • CS/KEY
  • DShadow

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    94% (29)
  • C
    3% (1)

Why each option

PAM (Pluggable Authentication Modules) is the standard UNIX framework for linking authentication with external mechanisms such as LDAP, Kerberos, and OTP systems.

ASYSKEY

SYSKEY was a Windows NT/2000/XP feature for encrypting the SAM database, not a UNIX authentication linking mechanism.

BPAMCorrect

PAM provides a modular, configurable authentication framework on UNIX and Linux systems that allows administrators to plug in multiple authentication backends - such as LDAP, Kerberos, or one-time password systems - without modifying individual applications. This makes it the definitive mechanism for linking UNIX authentication with other systems, as each module can be stacked and configured independently per service.

CS/KEY

S/KEY is a one-time password (OTP) authentication scheme, not a framework for linking or extending UNIX authentication to other mechanisms.

DShadow

Shadow refers to the /etc/shadow file that stores hashed user passwords on UNIX systems, not a mechanism for integrating authentication with external systems.

Concept tested: UNIX PAM authentication framework and integration

Source: https://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html

Topics

#PAM#UNIX authentication#pluggable authentication#Linux security

Community Discussion

No community discussion yet for this question.

Full GCIH Practice