PIM

PIM

NAME

PIM - pluggable identification modules

DESCRIPTION

This manual page is intended as an introduction to PIM. More information is available for developers and system administrators in appropriated sections of the manual.

PIM OVERVIEW

The PIM library primary's objective is to enable the system administrator to setup a different identification policy on a per application basis, even with applications that do not provide this possibility.

The term identification here refers to information that is usually stored in the /etc/passwd and /etc/group files on Unix systems: login name, user id, group id, user real name or comments, home directory, command interpreter, and group members. Authentication related fields (ie. passwords) are handled by PIM, but are not always taken into account, as PAM may perform the authentication process.

In order to use PIM in conjunction with a given application, two cases are to be considered:

• the application is a PIM-aware application, in which case its documentation will state how it should be setup to provide PIM's benefits;
• or the application doesn't know anything about PIM, and then it should be run with PIM preloaded by the operating system's dynamic loader. On most systems, the simple way to do so is to run the application with the LD_PRELOAD environment variable pointing to the pim.so dynamic library (in most cases the complete path to the file should be used).

At last, PIM needs to know how its identification functions should be performed. To instruct PIM about this, the PIM_SERVICE environment variable should be set to the name of the configuration file that will be used for the application (for non PIM-aware applications, as PIM-aware applications applications will have a configuration file or command line option to specify this). All applications that use the same configuration may also use the same file, we thus won't speak about applications any longer but about PIM services. If the PIM_SERVICE variable does not contain a complete path, PIM will look for the appropriate path in the default services configuration directory. If no service name has been provided at all, then PIM will use the reserved service name other.

ENVIRONMENT

The following environment variables affect PIM's behaviour. Note that they not only are not honored in setuid/setgid applications, but they are even unset by such applications. They are also ignored by PIM-aware applications.

• PIM_CONF is the directory where configuration files for each PIM service reside (default value is /etc/pim.d).
• PIM_SERVICE is the PIM service: the configuration file that will be used to initialize PIM is $PIM_CONF/$PIM_SERVICE (default value other).
• PIM_MODULES is the directory where PIM modules reside (default value /lib/pim).

DIAGNOSTICS

The errors generated by the PIM library and its modules will typically be directed to syslog(3) and should be self-explanatory.

BUGS

There is currently no support for Linux's glibc reentrant identification functions, PIM should thus not be used in conjunction with multithreaded applications, as this may introduce some security breaches.

SEE ALSO

pim(3), pim(5), pam(7)

AUTHOR

Brieuc "BBP" Jeunhomme (<bbp@via.ecp.fr>)