Pluggable Authentication Modules
A Pluggable Authentication Module (PAM) is a Java-based security mechanism. PAM provides an optional mechanism for positively identifying valid users. TDV supports PAMs as a way for custom implementation modules to participate in TDV logon processing.
Note: PAM implementation and management changed in TDV 7.0.3. This new PAM implementation is described here.
PAMs are tightly integrated with the TDV Server in the TDV extensions framework. Within this framework they can:
• Implement authentication against one or more Kerberos realms
• Store credentials in the user session to be applied concurrently to related data sources
• Implement custom authentication against external security access providers
• Implement ACLs (access control lists) to control access to lists of users based on a schedule or other criteria
• Perform real-time auditing and notification of user logon activity
• Enable TDV logging directly into cs_server.log
• Generate a detailed dump of PAM configuration state and options
• Generate a dump of internal security objects like subject and principal objects
The following topics are covered: