PIM - pluggable identification modules


This manual page is intended as an introduction to PIM. More information is available for developers and system administrators in the appropriate sections of the manual.


The PIM library's primary objective is to enable the system administrator to set up a different identification policy on a per-application basis, even with applications that do not provide this possibility.

The term identification here refers to information that is usually stored in the /etc/passwd and /etc/group files on Unix systems: login name, user id, group id, user real name or comments, home directory, command interpreter, and group members. Authentication-related fields (i.e. passwords) are handled by PIM, but are not always taken into account, as PAM may perform the authentication process.

In order to use PIM in conjunction with a given application, two cases are to be considered:

Finally, PIM needs to know how its identification functions should be performed. For applications that are not PIM-aware, the PIM_SERVICE environment variable should be set to the name of the configuration file that will be used for the application; PIM-aware applications will have a configuration file or command line option to specify this. All applications that use the same configuration may also use the same file, so from here on we speak of PIM services rather than applications. If the PIM_SERVICE variable does not contain a complete path, PIM will look for it in the default services configuration directory. If no service name has been provided at all, PIM will use the reserved service name other.


The following environment variables affect PIM's behaviour. Note that they are not only not honored in setuid/setgid applications, but are even unset by such applications. They are also ignored by PIM-aware applications.
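The lookup order and the setuid/setgid rule described above, sketched in C as an added example (not PIM's own code). `resolve_service`, `service_from_env` and the `SERVICES_DIR` placeholder are hypothetical; "complete path" is read here as an absolute path, and rejecting relative names that contain `/` is an added hardening choice, not documented PIM behaviour.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Placeholder: the page does not name the default services directory. */
#define SERVICES_DIR "/path/to/pim/services"
#define RESERVED_SERVICE "other"

/* Pure resolution step. `value` is the content of PIM_SERVICE (or NULL);
 * `privileged` is non-zero for a setuid/setgid process. Returns 0 or -1. */
int resolve_service(const char *value, int privileged, char *out, size_t len)
{
    int n;
    if (privileged || value == NULL || *value == '\0')
        value = RESERVED_SERVICE;       /* variable ignored or not set */

    if (value[0] == '/')                /* assumption: complete = absolute */
        n = snprintf(out, len, "%s", value);
    else if (strchr(value, '/') != NULL)
        return -1;                      /* added hardening, not PIM behaviour */
    else
        n = snprintf(out, len, "%s/%s", SERVICES_DIR, value);

    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* reject truncation */
}

/* Environment-facing wrapper: drops the variable in setuid/setgid processes. */
int service_from_env(char *out, size_t len)
{
    int privileged = (getuid() != geteuid()) || (getgid() != getegid());

    if (privileged)
        unsetenv("PIM_SERVICE");
    return resolve_service(getenv("PIM_SERVICE"), privileged, out, len);
}

int main(void)
{
    char path[4096];
    if (service_from_env(path, sizeof path) != 0)
        return 1;
    printf("service file: %s\n", path);
    return 0;
}
```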


The errors generated by the PIM library and its modules will typically be directed to syslog(3) and should be self-explanatory.


There is currently no support for Linux's glibc reentrant identification functions. PIM should thus not be used in conjunction with multithreaded applications, as this may introduce some security breaches.


pim(3), pim(5), pam(7)


Brieuc "BBP" Jeunhomme (<bbp@via.ecp.fr>)