# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR The FreeBSD Project # This file is distributed under the same license as the FreeBSD Documentation package. # Fernando Apesteguía , 2021, 2022. msgid "" msgstr "" "Project-Id-Version: FreeBSD Documentation VERSION\n" "POT-Creation-Date: 2022-07-07 23:23-0300\n" "PO-Revision-Date: 2022-10-04 11:47+0000\n" "Last-Translator: Fernando Apesteguía \n" "Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.10.1\n" #. type: YAML Front Matter: description #: documentation/content/en/articles/pam/_index.adoc:1 #, no-wrap msgid "A guide to the PAM system and modules under FreeBSD" msgstr "Una guía al sistema PAM y sus módulos bajo FreeBSD" #. Copyright (c) 2001-2003 Networks Associates Technology, Inc. #. All rights reserved. #. This software was developed for the FreeBSD Project by ThinkSec AS and #. Network Associates Laboratories, the Security Research Division of #. Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 #. ("CBOSS"), as part of the DARPA CHATS research program. #. Redistribution and use in source and binary forms, with or without #. modification, are permitted provided that the following conditions #. are met: #. 1. Redistributions of source code must retain the above copyright #. notice, this list of conditions and the following disclaimer. #. 2. Redistributions in binary form must reproduce the above copyright #. notice, this list of conditions and the following disclaimer in the #. documentation and/or other materials provided with the distribution. #. 3. The name of the author may not be used to endorse or promote #. products derived from this software without specific prior written #. permission. #. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND #. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE #. IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE #. ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE #. FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL #. DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS #. OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) #. HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT #. LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY #. OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF #. SUCH DAMAGE. #. type: Title = #: documentation/content/en/articles/pam/_index.adoc:1 #: documentation/content/en/articles/pam/_index.adoc:45 #, no-wrap msgid "Pluggable Authentication Modules" msgstr "Módulos de Autenticación Cargables" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:81 msgid "Abstract" msgstr "Resumen" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:83 msgid "" "This article describes the underlying principles and mechanisms of the " "Pluggable Authentication Modules (PAM) library, and explains how to " "configure PAM, how to integrate PAM into applications, and how to write PAM " "modules." msgstr "" "Este artículo describe los principios y mecanismos subyacentes de la " "librería Pluggable Authentication Modules (PAM), y explica cómo configurar " "PAM, cómo integrar PAM en aplicaciones y cómo escribir módulos PAM." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:85 msgid "'''" msgstr "'''" #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:89 #, no-wrap msgid "Introduction" msgstr "Introducción" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:92 msgid "" "The Pluggable Authentication Modules (PAM) library is a generalized API for " "authentication-related services which allows a system administrator to add " "new authentication methods simply by installing new PAM modules, and to " "modify authentication policies by editing configuration files." msgstr "" "La librería Pluggable Authentication Modules (PAM) es una API para servicios " "relacionados con la autenticación que permite al administrador del sistema " "añadir nuevos métodos de autenticación simplemente instalando nuevos módulos " "PAM y modificando las políticas de autenticación editando el archivo de " "configuración." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:96 msgid "" "PAM was defined and developed in 1995 by Vipin Samar and Charlie Lai of Sun " "Microsystems, and has not changed much since. In 1997, the Open Group " "published the X/Open Single Sign-on (XSSO) preliminary specification, which " "standardized the PAM API and added extensions for single (or rather " "integrated) sign-on. At the time of this writing, this specification has " "not yet been adopted as a standard." msgstr "" "PAM fue definido y desarrollado en 1995 por Vipin Samar y Charlie Lai de Sun " "Microsystems, y no ha cambiado mucho desde entonces. En 1997, el Open Group " "publicó la especificación preliminar X/Open Single Sign-on (XSSO), que " "estandarizó la API de PAM y añadió las extensiones para el single sign-on. " "En el momento de escribir este artículo, esta especificación aún no se ha " "adoptado como estándar." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:98 msgid "" "Although this article focuses primarily on FreeBSD 5.x, which uses OpenPAM, " "it should be equally applicable to FreeBSD 4.x, which uses Linux-PAM, and " "other operating systems such as Linux and Solaris(TM)." msgstr "" "Aunque este artículo se centra principalmente en FreeBSD 5.x, que usa " "OpenPAM, debería ser aplicable de igual manera a FreeBSD 4.x, que usa Linux-" "PAM, y a otros sistemas operativos como Linux y Solaris(TM)." #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:100 #, no-wrap msgid "Terms and Conventions" msgstr "Términos y Convenciones" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:103 #, no-wrap msgid "Definitions" msgstr "Definiciones" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:110 msgid "" "The terminology surrounding PAM is rather confused. Neither Samar and Lai's " "original paper nor the XSSO specification made any attempt at formally " "defining terms for the various actors and entities involved in PAM, and the " "terms that they do use (but do not define) are sometimes misleading and " "ambiguous. The first attempt at establishing a consistent and unambiguous " "terminology was a whitepaper written by Andrew G. Morgan (author of Linux-" "PAM) in 1999. While Morgan's choice of terminology was a huge leap forward, " "it is in this author's opinion by no means perfect. What follows is an " "attempt, heavily inspired by Morgan, to define precise and unambiguous terms " "for all actors and entities involved in PAM." msgstr "" "La terminología que rodea PAM es bastante confusa. Ni el documento original " "de Samar y Lai, ni la especificación XSSO hicieron ningún intento de definir " "formalmente los términos para los diversos actores y entidades involucradas " "en PAM, y los términos que usan (pero no definen) a veces son engañosos y " "ambiguos. El primer intento de establecer una terminología coherente e " "inequívoca fue un documento técnico escrito por Andrew G. Morgan (autor de " "Linux-PAM) en 1999. Si bien la terminología elegida por parte de Morgan fue " "un gran avance, en opinión de este autor, no es de ninguna manera perfecta. " "Las definiciones que se muestran son un intento, fuertemente inspiradas por " "Morgan, de definir de forma precisa y sin ambigüedades los términos para " "todos los actores y entidades involucradas en PAM." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:111 #, no-wrap msgid "account" msgstr "cuenta" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:113 msgid "The set of credentials the applicant is requesting from the arbitrator." msgstr "El conjunto de credenciales que el solicitante solicita al árbitro." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:114 #, no-wrap msgid "applicant" msgstr "solicitante" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:116 msgid "The user or entity requesting authentication." msgstr "El usuario o entidad que solicita la autenticación." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:117 #, no-wrap msgid "arbitrator" msgstr "árbitro" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:119 msgid "" "The user or entity who has the privileges necessary to verify the " "applicant's credentials and the authority to grant or deny the request." msgstr "" "El usuario o entidad que tiene los privilegios necesarios para verificar las " "credenciales del solicitante y la autoridad para otorgar o denegar la " "solicitud." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:120 #, no-wrap msgid "chain" msgstr "cadena" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:123 msgid "" "A sequence of modules that will be invoked in response to a PAM request. " "The chain includes information about the order in which to invoke the " "modules, what arguments to pass to them, and how to interpret the results." msgstr "" "Una secuencia de módulos que se invocarán en respuesta a una solicitud PAM. " "La cadena incluye información sobre el orden en el que invocar los módulos, " "qué argumentos pasar y cómo interpretar los resultados." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:124 #, no-wrap msgid "client" msgstr "cliente" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:126 msgid "" "The application responsible for initiating an authentication request on " "behalf of the applicant and for obtaining the necessary authentication " "information from him." msgstr "" "La aplicación responsable de iniciar una solicitud de autenticación en " "nombre del solicitante y de obtener la información de autenticación " "necesaria de él." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:127 #, no-wrap msgid "facility" msgstr "funcionalidad" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:129 msgid "" "One of the four basic groups of functionality provided by PAM: " "authentication, account management, session management and authentication " "token update." msgstr "" "Uno de los cuatro grupos básicos de funcionalidad proporcionados por PAM: " "autenticación, gestión de cuentas, gestión de sesiones y actualización del " "token de autenticación." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:130 #, no-wrap msgid "module" msgstr "módulo" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:132 msgid "" "A collection of one or more related functions implementing a particular " "authentication facility, gathered into a single (normally dynamically " "loadable) binary file and identified by a single name." msgstr "" "Una colección de una o más funciones relacionadas que implementan una " "funcionalidad de autenticación particular, recogida en un único archivo " "binario (normalmente cargable dinámicamente) e identificado por un solo " "nombre." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:133 #, no-wrap msgid "policy" msgstr "política" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:136 msgid "" "The complete set of configuration statements describing how to handle PAM " "requests for a particular service. A policy normally consists of four " "chains, one for each facility, though some services do not use all four " "facilities." msgstr "" "El conjunto completo de instrucciones de configuración que describen cómo " "manejar las solicitudes PAM para un servicio en particular. Una política " "normalmente consta de cuatro cadenas, una para cada funcionalidad, aunque " "algunos servicios no utilizan las cuatro facilidades." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:137 #, no-wrap msgid "server" msgstr "servidor" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:139 msgid "" "The application acting on behalf of the arbitrator to converse with the " "client, retrieve authentication information, verify the applicant's " "credentials and grant or deny requests." msgstr "" "La aplicación que actúa en nombre del árbitro para conversar con el cliente, " "recuperar información de autenticación, verificar las credenciales del " "solicitante y otorgar o rechazar solicitudes." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:140 #, no-wrap msgid "service" msgstr "servicio" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:143 msgid "" "A class of servers providing similar or related functionality and requiring " "similar authentication. PAM policies are defined on a per-service basis, so " "all servers that claim the same service name will be subject to the same " "policy." msgstr "" "Una clase de servidores que proporcionan una funcionalidad similar o " "relacionada y que requieren una autenticación similar. Las políticas de PAM " "se definen por cada servicio, por lo que todos los servidores que reclaman " "el mismo nombre de servicio estarán sujetos a la misma política." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:144 #, no-wrap msgid "session" msgstr "sesión" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:147 msgid "" "The context within which service is rendered to the applicant by the " "server. One of PAM's four facilities, session management, is concerned " "exclusively with setting up and tearing down this context." msgstr "" "El contexto dentro del cual el servidor presta el servicio al solicitante. " "Una de las cuatro funcionalidades de PAM, la gestión de sesiones, se ocupa " "exclusivamente de establecer y destruir este contexto." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:148 #, no-wrap msgid "token" msgstr "token" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:150 msgid "" "A chunk of information associated with the account, such as a password or " "passphrase, which the applicant must provide to prove his identity." msgstr "" "Un trozo de información asociado con la cuenta, como una contraseña o frase, " "que el solicitante debe proporcionar para probar su identidad." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:151 #, no-wrap msgid "transaction" msgstr "transacción" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:153 msgid "" "A sequence of requests from the same applicant to the same instance of the " "same server, beginning with authentication and session set-up and ending " "with session tear-down." msgstr "" "Una secuencia de solicitudes del mismo solicitante a la misma instancia del " "mismo servidor, comenzando con la autenticación y la configuración de la " "sesión y terminando con el desmantelamiento de la sesión." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:155 #, no-wrap msgid "Usage Examples" msgstr "Ejemplos de Uso" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:158 msgid "" "This section aims to illustrate the meanings of some of the terms defined " "above by way of a handful of simple examples." msgstr "" "Esta sección tiene como objetivo ilustrar los significados de algunos de los " "términos definidos anteriormente mediante un puñado de ejemplos simples." #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:159 #, no-wrap msgid "Client and Server Are One" msgstr "El Cliente y el Servidor Son Uno" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:162 msgid "This simple example shows `alice` man:su[1]'ing to `root`." msgstr "Este sencillo ejemplo muestra a `alice` haciendo man:su[1] a `root`." #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:167 #, no-wrap msgid "" "% whoami\n" "alice\n" msgstr "" "% whoami\n" "alice\n" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:170 #, no-wrap msgid "" "% ls -l `which su`\n" "-r-sr-xr-x 1 root wheel 10744 Dec 6 19:06 /usr/bin/su\n" msgstr "" "% ls -l `which su`\n" "-r-sr-xr-x 1 root wheel 10744 Dec 6 19:06 /usr/bin/su\n" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:175 #, no-wrap msgid "" "% su -\n" "Password: xi3kiune\n" "# whoami\n" "root\n" msgstr "" "% su -\n" "Password: xi3kiune\n" "# whoami\n" "root\n" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:178 msgid "The applicant is `alice`." msgstr "El solicitante es `alice`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:179 msgid "The account is `root`." msgstr "La cuenta es `root`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:180 msgid "The man:su[1] process is both client and server." msgstr "El proceso man:su[1] es a la vez cliente y servidor." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:181 msgid "The authentication token is `xi3kiune`." msgstr "El token de autenticación es `xi3kiune`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:182 msgid "The arbitrator is `root`, which is why man:su[1] is setuid `root`." msgstr "" "El árbitro es `root`, que es el motivo por el que man:su[1] tiene " "establecido el setuid a `root`." #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:183 #, no-wrap msgid "Client and Server Are Separate" msgstr "El Cliente y el Servidor Están Separados" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:187 msgid "" "The example below shows `eve` try to initiate an man:ssh[1] connection to " "`login.example.com`, ask to log in as `bob`, and succeed. Bob should have " "chosen a better password!" msgstr "" "El ejemplo de abajo muestra a `eve` intentando iniciar una conexión " "man:ssh[1] contra `login.example.com`, pide iniciar sesión como `bob` y lo " "consigue. ¡Bob debería haber escogido una contraseña mejor!" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:192 #, no-wrap msgid "" "% whoami\n" "eve\n" msgstr "" "% whoami\n" "eve\n" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:200 #, no-wrap msgid "" "% ssh bob@login.example.com\n" "bob@login.example.com's password:\n" "% god\n" "Last login: Thu Oct 11 09:52:57 2001 from 192.168.0.1\n" "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994\n" "\tThe Regents of the University of California. All rights reserved.\n" "FreeBSD 4.4-STABLE (LOGIN) 4: Tue Nov 27 18:10:34 PST 2001\n" msgstr "" "% ssh bob@login.example.com\n" "bob@login.example.com's password:\n" "% god\n" "Last login: Thu Oct 11 09:52:57 2001 from 192.168.0.1\n" "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994\n" "\tThe Regents of the University of California. All rights reserved.\n" "FreeBSD 4.4-STABLE (LOGIN) 4: Tue Nov 27 18:10:34 PST 2001\n" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:203 #, no-wrap msgid "" "Welcome to FreeBSD!\n" "%\n" msgstr "" "Welcome to FreeBSD!\n" "%\n" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:207 msgid "The applicant is `eve`." msgstr "El solicitante es `eve`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:208 msgid "The client is Eve's man:ssh[1] process." msgstr "El cliente es el proceso man:ssh[1] de Eve." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:209 msgid "The server is the man:sshd[8] process on `login.example.com`" msgstr "El servidor es el proceso man:sshd[8] en `login.example.com`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:210 msgid "The account is `bob`." msgstr "La cuenta es `bob`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:211 msgid "The authentication token is `god`." msgstr "El token de autenticación es `god`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:212 msgid "Although this is not shown in this example, the arbitrator is `root`." msgstr "Aunque no se muestra en el ejemplo, el árbitro es `root`." #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:213 #, no-wrap msgid "Sample Policy" msgstr "Política de Ejemplo" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:216 msgid "The following is FreeBSD's default policy for `sshd`:" msgstr "Lo siguiente es la política por defecto de FreeBSD para `sshd`:" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:225 #, no-wrap msgid "" "sshd\tauth\t\trequired\tpam_nologin.so\tno_warn\n" "sshd\tauth\t\trequired\tpam_unix.so\tno_warn try_first_pass\n" "sshd\taccount\t\trequired\tpam_login_access.so\n" "sshd\taccount\t\trequired\tpam_unix.so\n" "sshd\tsession\t\trequired\tpam_lastlog.so\tno_fail\n" "sshd\tpassword\trequired\tpam_permit.so\n" msgstr "" "sshd\tauth\t\trequired\tpam_nologin.so\tno_warn\n" "sshd\tauth\t\trequired\tpam_unix.so\tno_warn try_first_pass\n" "sshd\taccount\t\trequired\tpam_login_access.so\n" "sshd\taccount\t\trequired\tpam_unix.so\n" "sshd\tsession\t\trequired\tpam_lastlog.so\tno_fail\n" "sshd\tpassword\trequired\tpam_permit.so\n" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:228 msgid "" "This policy applies to the `sshd` service (which is not necessarily " "restricted to the man:sshd[8] server.)" msgstr "" "Esta política se aplica al servicio `sshd` (que no está necesariamente " "restringida al servidor man:sshd[8].)" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:229 msgid "`auth`, `account`, `session` and `password` are facilities." msgstr "`auth`, `account`, `session` y `password` son funcionalidades." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:230 msgid "" "[.filename]#pam_nologin.so#, [.filename]#pam_unix.so#, [." "filename]#pam_login_access.so#, [.filename]#pam_lastlog.so# and [." "filename]#pam_permit.so# are modules. It is clear from this example that [." "filename]#pam_unix.so# provides at least two facilities (authentication and " "account management.)" msgstr "" "[.filename]#pam_nologin.so#, [.filename]#pam_unix.so#, [." "filename]#pam_login_access.so#, [.filename]#pam_lastlog.so# and [." "filename]#pam_permit.so# son módulos. En el ejemplo se ve claramente que [." "filename]#pam_unix.so# proporciona al menos dos funcionalidades (" "autenticación y gestión de cuentas.)" #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:232 #, no-wrap msgid "PAM Essentials" msgstr "Aspectos Fundamentales de PAM" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:235 #, no-wrap msgid "Facilities and Primitives" msgstr "Funcionalidades y Primitivas" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:238 msgid "" "The PAM API offers six different authentication primitives grouped in four " "facilities, which are described below." msgstr "" "La API de PAM ofrece seis primitivas de autenticación diferentes agrupadas " "en cuatro funcionalidades, que se describen a continuación." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:239 #, no-wrap msgid "`auth`" msgstr "`auth`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:242 msgid "" "_Authentication._ This facility concerns itself with authenticating the " "applicant and establishing the account credentials. It provides two " "primitives:" msgstr "" "_Autenticación._ Esta funcionalidad tiene que ver con la autenticación de un " "solicitante y el establecimiento de las credenciales de la cuenta. " "Proporciona dos primitivas:" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:244 msgid "" "man:pam_authenticate[3] authenticates the applicant, usually by requesting " "an authentication token and comparing it with a value stored in a database " "or obtained from an authentication server." msgstr "" "man:pam_authenticate[3] autentica al solicitante, normalmente solicitando un " "token de autenticación y comparándolo con un valor almacenado en una base de " "datos u obtenido de un servidor de autenticación." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:245 msgid "" "man:pam_setcred[3] establishes account credentials such as user ID, group " "membership and resource limits." msgstr "" "man:pam_setcred[3] establece las credenciales de la cuenta tales como el ID " "de usuario, la pertenencia a grupos y los límites de recursos." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:246 #, no-wrap msgid "`account`" msgstr "`account`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:249 msgid "" "_Account management._ This facility handles non-authentication-related " "issues of account availability, such as access restrictions based on the " "time of day or the server's work load. It provides a single primitive:" msgstr "" "_Gestión de cuentas._ Esta funcionalidad se encarga de los problemas de " "disponibilidad con las cuentas, que no están relacionados con la " "autenticación, como restricciones de acceso según la hora del día o la carga " "del servidor de trabajo. Proporciona una única primitiva:" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:251 msgid "man:pam_acct_mgmt[3] verifies that the requested account is available." msgstr "man:pam_acct_mgmt[3] verifica que la cuenta solicitada está disponible." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:252 #, no-wrap msgid "`session`" msgstr "`session`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:255 msgid "" "_Session management._ This facility handles tasks associated with session " "set-up and tear-down, such as login accounting. It provides two primitives:" msgstr "" "_Gestión de sesiones._ Esta funcionalidad gestiona tareas asociadas con el " "establecimiento y desmantelamiento de sesiones, tales como la contabilidad " "de login. Proporciona dos primitivas:" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:257 msgid "" "man:pam_open_session[3] performs tasks associated with session set-up: add " "an entry in the [.filename]#utmp# and [.filename]#wtmp# databases, start an " "SSH agent, etc." msgstr "" "man:pam_open_session[3] realiza tareas asociadas con el establecimiento de " "sesión: añade una entrada en las bases de datos [.filename]#utmp# y [." "filename]#wtmp#, arranca un agente SSH, etc." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:258 msgid "" "man:pam_close_session[3] performs tasks associated with session tear-down: " "add an entry in the [.filename]#utmp# and [.filename]#wtmp# databases, stop " "the SSH agent, etc." msgstr "" "man:pam_close_session[3] realiza tareas asociadas con el desmantelamiento de " "la sesión: añade una entrada en las bases de datos [.filename]#utmp# y [." "filename]#wtmp#, parar un agente SSH, etc." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:259 #, no-wrap msgid "`password`" msgstr "`password`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:262 msgid "" "_Password management._ This facility is used to change the authentication " "token associated with an account, either because it has expired or because " "the user wishes to change it. It provides a single primitive:" msgstr "" "_Gestión de contraseñas._ Esta funcionalidad se usa para cambiar el token de " "autenticación asociado a una cuenta, ya sea porque ha caducado o porque el " "usuario desea cambiarla. Proporciona una única primitiva:" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:264 msgid "" "man:pam_chauthtok[3] changes the authentication token, optionally verifying " "that it is sufficiently hard to guess, has not been used previously, etc." msgstr "" "man:pam_chauthtok[3] cambia el token de autenticación, opcionalmente " "verifica que es difícil de adivinar, que no ha sido usada previamente, etc." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:266 #, no-wrap msgid "Modules" msgstr "Módulos" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:271 msgid "" "Modules are a very central concept in PAM; after all, they are the \"M\" in " "\"PAM\". A PAM module is a self-contained piece of program code that " "implements the primitives in one or more facilities for one particular " "mechanism; possible mechanisms for the authentication facility, for " "instance, include the UNIX(R) password database, NIS, LDAP and Radius." msgstr "" "Los módulos son un concepto central en PAM; después de todo, son la \"M\" en " "\"PAM\". Un módulo PAM es un trozo de código auto-contenido que implementa " "las primitivas de una o más funcionalidades para un mecanismo en particular; " "posibles mecanismos para la funcionalidad de autenticación, por ejemplo, " "incluye la base de datos de contraseñas de UNIX(R), NIS, LDAP and Radius." #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:273 #, no-wrap msgid "Module Naming" msgstr "Nomenclatura de Módulos" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:278 msgid "" "FreeBSD implements each mechanism in a single module, named `pam_mechanism." "so` (for instance, `pam_unix.so` for the UNIX(R) mechanism.) Other " "implementations sometimes have separate modules for separate facilities, and " "include the facility name as well as the mechanism name in the module name. " "To name one example, Solaris(TM) has a `pam_dial_auth.so.1` module which is " "commonly used to authenticate dialup users." msgstr "" "FreeBSD implementa cada mecanismo en un módulo separado, llamado " "`pam_mechanism.so` (por ejemplo, `pam_unix.so` para el mecanismo de UNIX(R).)" " Otras implementaciones a veces tienen módulos separados para " "funcionalidades separadas e incluyen en el nombre del módulo el nombre de la " "funcionalidad así como el nombre del mecanismo. Por mencionar un ejemplo, " "Solaris(TM) tiene un módulo `pam_dial_auth.so.1` que se usa de forma " "habitual para autenticar usuarios conectados mediante \"dialup\"." #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:280 #, no-wrap msgid "Module Versioning" msgstr "Versionado de Módulos" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:284 msgid "" "FreeBSD's original PAM implementation, based on Linux-PAM, did not use " "version numbers for PAM modules. This would commonly cause problems with " "legacy applications, which might be linked against older versions of the " "system libraries, as there was no way to load a matching version of the " "required modules." msgstr "" "La implementación original de PAM en FreeBSD, basada en Linux-PAM, no usaba " "números de versión para los módulos PAM. Esto normalmente causaría problemas " "con las aplicaciones heredadas (legacy), que podrían estar vinculadas con " "versiones anteriores de las bibliotecas del sistema, ya que no había forma " "de cargar una versión correspondiente de los módulos requeridos." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:287 msgid "" "OpenPAM, on the other hand, looks for modules that have the same version " "number as the PAM library (currently 2), and only falls back to an " "unversioned module if no versioned module could be loaded. Thus legacy " "modules can be provided for legacy applications, while allowing new (or " "newly built) applications to take advantage of the most recent modules." msgstr "" "OpenPAM, por otro lado, busca módulos que tengan el mismo número de versión " "que la biblioteca PAM (actualmente 2), y solo recurre a un módulo sin " "versión si no se puede cargar un módulo que tenga versión. Por lo tanto, se " "pueden proporcionar módulos heredados (legacy) para aplicaciones heredadas " "(legacy), lo cual permite que las aplicaciones nuevas (o compiladas de nuevo)" " aprovechen los módulos más recientes." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:289 msgid "" "Although Solaris(TM) PAM modules commonly have a version number, they are " "not truly versioned, because the number is a part of the module name and " "must be included in the configuration." msgstr "" "Aunque los módulos PAM de Solaris(TM) normalmente tienen un número de " "versión, no están versionados realmente, porque el número es una parte del " "nombre del módulo y debe incluirse en la configuración." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:291 #, no-wrap msgid "Chains and Policies" msgstr "Cadenas y Políticas" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:296 msgid "" "When a server initiates a PAM transaction, the PAM library tries to load a " "policy for the service specified in the man:pam_start[3] call. The policy " "specifies how authentication requests should be processed, and is defined in " "a configuration file. This is the other central concept in PAM: the " "possibility for the admin to tune the system security policy (in the wider " "sense of the word) simply by editing a text file." msgstr "" "Cuando un servidor inicia una transacción PAM, la librería PAM intenta " "cargar una política para el servicio especificada en la llamada " "man:pam_start[3]. La política especifica cómo se deberían procesar las " "solicitudes de autenticación, y está definida en un fichero de " "configuración. Este es otro concepto central en PAM: la posibilidad que " "tiene el administrador de afinar la política de seguridad del sistema (en el " "sentido más amplio de la palabra) simplemente editando un fichero de texto." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:299 msgid "" "A policy consists of four chains, one for each of the four PAM facilities. " "Each chain is a sequence of configuration statements, each specifying a " "module to invoke, some (optional) parameters to pass to the module, and a " "control flag that describes how to interpret the return code from the module." msgstr "" "Una política consta de cuatro cadenas, una para cada una de las cuatro " "funcionalidades de PAM. Cada cadena es una secuencia de instalaciones de " "configuración, cada una especifica un módulo a invocar, algunos parámetros " "(opcionales) para pasar al módulo y un flag de control que describe cómo " "interpretar el código de retorno del módulo." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:302 msgid "" "Understanding the control flags is essential to understanding PAM " "configuration files. There are four different control flags:" msgstr "" "Comprender los flags de control es esencial para comprender los archivos de " "configuración de PAM. Hay cuatro flags de control diferentes:" #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:303 #, no-wrap msgid "`binding`" msgstr "`binding`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:306 msgid "" "If the module succeeds and no earlier module in the chain has failed, the " "chain is immediately terminated and the request is granted. If the module " "fails, the rest of the chain is executed, but the request is ultimately " "denied." msgstr "" "Si el módulo tiene éxito y ningún módulo anterior en la cadena ha fallado, " "la cadena se terminará de inmediato y se otorgará la solicitud. Si el módulo " "falla, el resto de la cadena se ejecuta, pero la solicitud finalmente se " "deniega." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:308 msgid "" "This control flag was introduced by Sun in Solaris(TM) 9 (SunOS(TM) 5.9), " "and is also supported by OpenPAM." msgstr "" "Este flag de control fue introducido por Sun en Solaris(TM) 9 (SunOS(TM) 5.9)" ", y también se soporta en OpenPAM." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:308 #, no-wrap msgid "`required`" msgstr "`required`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:311 msgid "" "If the module succeeds, the rest of the chain is executed, and the request " "is granted unless some other module fails. If the module fails, the rest of " "the chain is also executed, but the request is ultimately denied." msgstr "" "Si el módulo tiene éxito, el resto de la cadena se ejecutará, y la solicitud " "se otorgará a menos que otro módulo falle. Si el módulo falla, el resto de " "la cadena también se ejecutará, pero la solicitud será denegada al final." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:312 #, no-wrap msgid "`requisite`" msgstr "`requisite`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:315 msgid "" "If the module succeeds, the rest of the chain is executed, and the request " "is granted unless some other module fails. If the module fails, the chain " "is immediately terminated and the request is denied." msgstr "" "Si el módulo tiene éxito, el resto de la cadena se ejecutará y la solicitud " "se aceptará a menos que falle algún otro módulo. Si el módulo falla, la " "cadena terminará inmediatamente y la solicitud será denegada." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:316 #, no-wrap msgid "`sufficient`" msgstr "`sufficient`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:319 msgid "" "If the module succeeds and no earlier module in the chain has failed, the " "chain is immediately terminated and the request is granted. If the module " "fails, the module is ignored and the rest of the chain is executed." msgstr "" "Si el módulo tiene éxito y ningún módulo anterior de la cadena ha fallado, " "la cadena terminará de inmediato y se aceptará la solicitud. Si el módulo " "falla, se ignorará y se ejecutará el resto de la cadena." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:321 msgid "" "As the semantics of this flag may be somewhat confusing, especially when it " "is used for the last module in a chain, it is recommended that the `binding` " "control flag be used instead if the implementation supports it." msgstr "" "Como la semántica de este flag puede ser algo confusa, especialmente cuando " "se usa para el último módulo de una cadena, se recomienda usar el flag de " "control del `binding` si la implementación lo admite." #. type: Labeled list #: documentation/content/en/articles/pam/_index.adoc:321 #, no-wrap msgid "`optional`" msgstr "`optional`" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:324 msgid "" "The module is executed, but its result is ignored. If all modules in a " "chain are marked `optional`, all requests will always be granted." msgstr "" "El módulo se ejecuta, pero el resultado es ignorado. Si todos los módulos en " "una cadena están marcados como `optional`, todas las solicitudes serán " "concedidas." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:327 msgid "" "When a server invokes one of the six PAM primitives, PAM retrieves the chain " "for the facility the primitive belongs to, and invokes each of the modules " "listed in the chain, in the order they are listed, until it reaches the end, " "or determines that no further processing is necessary (either because a " "`binding` or `sufficient` module succeeded, or because a `requisite` module " "failed.) The request is granted if and only if at least one module was " "invoked, and all non-optional modules succeeded." msgstr "" "Cuando un servidor invoca una de las seis primitivas de PAM, PAM recupera la " "cadena para la funcionalidad a la que pertenece la primitiva e invoca cada " "uno de los módulos enumerados en la cadena, en el orden en el que se " "enumeran, hasta que llega al final, o determina que no es necesario ningún " "procesamiento adicional (porque un módulo `binding` o `sufficient` tuvo " "éxito, o porque falló un módulo `requisite`). La solicitud es aceptada si y " "solo si se invocó al menos un módulo, y todos los módulos que no sean " "opcionales tuvieron éxito." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:331 msgid "" "Note that it is possible, though not very common, to have the same module " "listed several times in the same chain. For instance, a module that looks " "up user names and passwords in a directory server could be invoked multiple " "times with different parameters specifying different directory servers to " "contact. PAM treat different occurrences of the same module in the same " "chain as different, unrelated modules." msgstr "" "Ten en cuenta que es posible, aunque no muy común, tener el mismo módulo " "listado varias veces en la misma cadena. Por ejemplo, un módulo que busca " "nombres de usuario y contraseñas en un servidor de directorio podría " "invocarse varias veces con diferentes parámetros que especifican diferentes " "servidores de directorio para contactar. PAM trata diferentes ocurrencias " "del mismo módulo en la misma cadena como módulos diferentes no relacionados." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:333 #, no-wrap msgid "Transactions" msgstr "Transacciones" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:337 msgid "" "The lifecycle of a typical PAM transaction is described below. Note that if " "any of these steps fails, the server should report a suitable error message " "to the client and abort the transaction." msgstr "" "A continuación se describe el ciclo de vida de una transacción PAM típica. " "Ten en cuenta que si alguno de estos pasos falla, el servidor debe informar " "al cliente con un mensaje de error adecuado y cancelar la transacción." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:339 msgid "" "If necessary, the server obtains arbitrator credentials through a mechanism " "independent of PAM-most commonly by virtue of having been started by `root`, " "or of being setuid `root`." msgstr "" "Si es necesario, el servidor obtiene credenciales de árbitro mediante un " "mecanismo independiente de PAM - normalmente al haber sido iniciado como " "`root`, o haber sido establecido el setuid a `root`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:340 msgid "" "The server calls man:pam_start[3] to initialize the PAM library and specify " "its service name and the target account, and register a suitable " "conversation function." msgstr "" "El servidor invoca man:pam_start[3] para inicializar la librería PAM y " "especifica su nombre de servicio y la cuenta objetivo, y registra una " "función de conversación adecuada." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:341 msgid "" "The server obtains various information relating to the transaction (such as " "the applicant's user name and the name of the host the client runs on) and " "submits it to PAM using man:pam_set_item[3]." msgstr "" "El servidor obtiene información relacionada con la transacción (como el " "nombre de usuario del solicitante y el nombre del host en el que se ejecuta " "el cliente) y la envía a PAM utilizando man:pam_set_imte[3]." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:342 msgid "The server calls man:pam_authenticate[3] to authenticate the applicant." msgstr "" "El servidor invoca man:pam_authenticate[3] para autenticar al solicitante." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:343 msgid "" "The server calls man:pam_acct_mgmt[3] to verify that the requested account " "is available and valid. If the password is correct but has expired, man:" "pam_acct_mgmt[3] will return `PAM_NEW_AUTHTOK_REQD` instead of `PAM_SUCCESS`." msgstr "" "El servidor llama a man:pam_acct_mgmt[3] para verificar que la cuenta " "solicitada está disponible y es válida. Si la contraseña es correcta pero ha " "expirado, man:pam_acct_mgmt[3] devolverá `PAM_NEW_AUTHTOK_REQD` en lugar de " "`PAM_SUCCESS`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:344 msgid "" "If the previous step returned `PAM_NEW_AUTHTOK_REQD`, the server now calls " "man:pam_chauthtok[3] to force the client to change the authentication token " "for the requested account." msgstr "" "Si el paso anterior devolvió `PAM_NEW_AUTHTOK_REQD`, el servidor llama a " "man:pam_chauthtok[3] para forzar al cliente a cambiar el token de " "autenticación para la cuenta solicitada." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:345 msgid "" "Now that the applicant has been properly authenticated, the server calls man:" "pam_setcred[3] to establish the credentials of the requested account. It is " "able to do this because it acts on behalf of the arbitrator, and holds the " "arbitrator's credentials." msgstr "" "Ahora que el solicitante se ha antenticado correctamente, el servidor invoca " "man:pam_setcre[3] para establecer las credenciales de la cuenta solicitada. " "Puede hacer esto porque actúa en nombre del árbitro, y posee las " "credenciales del mismo." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:346 msgid "" "Once the correct credentials have been established, the server calls man:" "pam_open_session[3] to set up the session." msgstr "" "Una vez que se han establecido las credenciales correctas, el servidor llama " "a man:pam_open_session[3] para establecer la sesión." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:347 msgid "" "The server now performs whatever service the client requested-for instance, " "provide the applicant with a shell." msgstr "" "El servidor ahora realiza cualquier servicio que solicite el cliente—por " "ejemplo, proporciona un shell al solicitante." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:348 msgid "" "Once the server is done serving the client, it calls man:" "pam_close_session[3] to tear down the session." msgstr "" "Una vez que el servidor ha terminado con el cliente, llama a " "man:pam_close_session[3] para desmantelar la sesión." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:349 msgid "" "Finally, the server calls man:pam_end[3] to notify the PAM library that it " "is done and that it can release whatever resources it has allocated in the " "course of the transaction." msgstr "" "Finalmente, el servidor llama a man:pam_end[3] para notificar a la librería " "PAM que ha terminado y que puede liberar los recursos que se hubieran " "adquirido durante el curso de la transacción." #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:351 #, no-wrap msgid "PAM Configuration" msgstr "Configuración de PAM" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:354 #, no-wrap msgid "PAM Policy Files" msgstr "Archivos de Políticas de PAM" #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:357 #, no-wrap msgid "The [.filename]#/etc/pam.conf#" msgstr "El fichero [.filename]#/etc/pam.conf#" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:362 msgid "" "The traditional PAM policy file is [.filename]#/etc/pam.conf#. This file " "contains all the PAM policies for your system. Each line of the file " "describes one step in a chain, as shown below:" msgstr "" "El archivo de configuración tradicional de PAM es [.filename]#/etc/pam.conf#" ". Este archivo contiene todas las configuraciones de PAM para tu sistema. " "Cada línea del archivo describe un paso es una cadena, como se muestra a " "continuación:" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:366 #, no-wrap msgid "login auth required pam_nologin.so no_warn\n" msgstr "login auth required pam_nologin.so no_warn\n" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:370 msgid "" "The fields are, in order: service name, facility name, control flag, module " "name, and module arguments. Any additional fields are interpreted as " "additional module arguments." msgstr "" "Los campos son, en orden de aparición: nombre del servicio, nombre de la " "funcionalidad, flag de control, nombre del módulo y argumentos del módulo. " "Cualquier campo adicional se interpreta como un argumento adicional del " "módulo." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:374 msgid "" "A separate chain is constructed for each service / facility pair, so while " "the order in which lines for the same service and facility appear is " "significant, the order in which the individual services and facilities are " "listed is not. The examples in the original PAM paper grouped configuration " "lines by facility, and the Solaris(TM) stock [.filename]#pam.conf# still " "does that, but FreeBSD's stock configuration groups configuration lines by " "service. Either way is fine; either way makes equal sense." msgstr "" "Se construye una cadena separada para cada par servicio / funcionalidad, de " "forma que aunque el orden en que aparecen lineas para el mismo servicio y " "funcionalidad es significativo, el orden que el que aparecen listados los " "servicios y las funcionalidades individuales no lo es. Los ejemplos en el " "documento original de PAM agrupaba la configuración por funcionalidades y el " "[.filename]#pam.conf# por defecto de Solaris(TM) todavía lo hace, pero la " "configuración por defecto de FreeBSD agrupa las lineas de configuración por " "servicio. Cualquiera de las dos formas está bien; cualquiera de las dos " "tiene sentido." #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:376 #, no-wrap msgid "The [.filename]#/etc/pam.d#" msgstr "El directorio [.filename]#/etc/pam.d#" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:381 msgid "" "OpenPAM and Linux-PAM support an alternate configuration mechanism, which is " "the preferred mechanism in FreeBSD. In this scheme, each policy is " "contained in a separate file bearing the name of the service it applies to. " "These files are stored in [.filename]#/etc/pam.d/#." msgstr "" "OpenPAM y Linux-PAM soportan un mecanismo de configuración alternativo, que " "es el mecanismo preferido en FreeBSD. En este esquema, cada política está " "contenida en un archivo separado con el nombre del servicio al que se " "aplica. Estos archivos se almacenan en [.filename]#/etc/pam.d/#." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:384 msgid "" "These per-service policy files have only four fields instead of [." "filename]#pam.conf#'s five: the service name field is omitted. Thus, " "instead of the sample [.filename]#pam.conf# line from the previous section, " "one would have the following line in [.filename]#/etc/pam.d/login#:" msgstr "" "Estos archivos de política por servicio tienen solo cuatro campos en lugar " "de los cinco de [.filename]#pam.conf#: el campo del nombre del servicio se " "omite. Por lo tanto, en lugar de la línea de ejemplo [.filename]#pam.conf# " "de la sección anterior, debería tener la siguiente línea en [.filename]#/etc/" "pam.d/login#:" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:388 #, no-wrap msgid "auth required pam_nologin.so no_warn\n" msgstr "auth required pam_nologin.so no_warn\n" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:392 msgid "" "As a consequence of this simplified syntax, it is possible to use the same " "policy for multiple services by linking each service name to a same policy " "file. For instance, to use the same policy for the `su` and `sudo` " "services, one could do as follows:" msgstr "" "Como resultado de esta sintaxis simplificada, es posible utilizar la misma " "política para múltiples servicios vinculando cada nombre de servicio al " "mismo archivo de política. Por ejemplo, para utilizar la misma política para " "los servicios `su` y `sudo`, uno podría hacer lo siguiente:" #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:397 #, no-wrap msgid "" "# cd /etc/pam.d\n" "# ln -s su sudo\n" msgstr "" "# cd /etc/pam.d\n" "# ln -s su sudo\n" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:400 msgid "" "This works because the service name is determined from the file name rather " "than specified in the policy file, so the same file can be used for multiple " "differently-named services." msgstr "" "Esto funciona porque el nombre del servicio se determina a partir del nombre " "del archivo en lugar de especificarse en el archivo de política, por lo que " "el mismo archivo se puede usar para múltiples servicios con nombres " "diferentes." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:402 msgid "" "Since each service's policy is stored in a separate file, the [." "filename]#pam.d# mechanism also makes it very easy to install additional " "policies for third-party software packages." msgstr "" "Como la política de cada servicio se almacena en un archivo separado, el " "mecanismo [.filename]#pam.d# también facilita la instalación de políticas " "adicionales para paquetes de software de terceros." #. type: Title ==== #: documentation/content/en/articles/pam/_index.adoc:404 #, no-wrap msgid "The Policy Search Order" msgstr "El Orden de Búsqueda de La Política" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:408 msgid "" "As we have seen above, PAM policies can be found in a number of places. " "What happens if policies for the same service exist in multiple places?" msgstr "" "Como hemos visto anteriormente, las políticas de PAM se pueden encontrar en " "varios sitios. ¿Qué sucede si existen políticas para el mismo servicio en " "varios sitios?" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:410 msgid "" "It is essential to understand that PAM's configuration system is centered on " "chains." msgstr "" "Es esencial comprender que el sistema de configuración de PAM se centra en " "las cadenas." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:412 #, no-wrap msgid "Breakdown of a Configuration Line" msgstr "Desglose de una Línea de Configuración" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:415 msgid "" "As explained in <>, each line in [.filename]#/etc/pam.conf# " "consists of four or more fields: the service name, the facility name, the " "control flag, the module name, and zero or more module arguments." msgstr "" "Como se explicó en <>, cada línea de [.filename]#/etc/pam." "conf# consiste en cuatro o más campos: el nombre del servicio, el nombre de " "la funcionalidad, el flag de control, el nombre del módulo, y cero o más " "argumentos para el módulo." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:418 msgid "" "The service name is generally (though not always) the name of the " "application the statement applies to. If you are unsure, refer to the " "individual application's documentation to determine what service name it " "uses." msgstr "" "El nombre del servicio suele ser (aunque no siempre) el nombre de la " "aplicación a la que se aplica la declaración. Si no estás seguro, consulta " "la documentación de la aplicación para determinar qué nombre de servicio " "utiliza." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:420 msgid "" "Note that if you use [.filename]#/etc/pam.d/# instead of [.filename]#/etc/" "pam.conf#, the service name is specified by the name of the policy file, and " "omitted from the actual configuration lines, which then start with the " "facility name." msgstr "" "Ten en cuenta que si usas [.filename]#/etc/pam.d/# en lugar de [.filename]#/" "etc/pam.conf#, el nombre del servicio se especifica mediante el nombre del " "archivo de política y se omite de las líneas de configuración actuales, que " "luego empiezan con el nombre de la funcionalidad." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:422 msgid "" "The facility is one of the four facility keywords described in <>." msgstr "" "La funcionalidad es una de las cuatro palabras claves de funcionalidad " "descritas en <>." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:426 msgid "" "Likewise, the control flag is one of the four keywords described in <>, describing how to interpret the return code from the " "module. Linux-PAM supports an alternate syntax that lets you specify the " "action to associate with each possible return code, but this should be " "avoided as it is non-standard and closely tied in with the way Linux-PAM " "dispatches service calls (which differs greatly from the way Solaris(TM) and " "OpenPAM do it.) Unsurprisingly, OpenPAM does not support this syntax." msgstr "" "Del mismo modo, el flag de control es uno de los cuatro descritos en <>, que describen cómo interpretar el código de retorno de un " "módulo. Linux-PAM soporta una sintaxis alternativa que te permite " "especificar la acción a asociar con cada código de retorno posible, pero se " "debería evitar ya que no es estándar y está muy ligado al modo en el que " "Linux-PAM despacha las llamadas de servicio (que difiere enormemente del " "modo en que lo hacen Solaris(TM) y OpenPAM). No es sorprendente que OpenPAM " "no soporte esta sintaxis." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:428 #, no-wrap msgid "Policies" msgstr "Políticas" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:431 msgid "" "To configure PAM correctly, it is essential to understand how policies are " "interpreted." msgstr "" "Para configurar PAM correctamente, es esencial comprender cómo se " "interpretan las políticas." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:434 msgid "" "When an application calls man:pam_start[3], the PAM library loads the policy " "for the specified service and constructs four module chains (one for each " "facility.) If one or more of these chains are empty, the corresponding " "chains from the policy for the `other` service are substituted." msgstr "" "Cuando una aplicación invoca man:pam_start[3], la librería PAM carga la " "política para el servicio especificado y construye cuatro cadenas de módulos " "(uno para cada funcionalidad). Si una o más de estas cadenas está vacía, las " "cadenas correspondientes de la política para el `otro` servicio son " "sustituidas." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:438 msgid "" "When the application later calls one of the six PAM primitives, the PAM " "library retrieves the chain for the corresponding facility and calls the " "appropriate service function in each module listed in the chain, in the " "order in which they were listed in the configuration. After each call to a " "service function, the module type and the error code returned by the service " "function are used to determine what happens next. With a few exceptions, " "which we discuss below, the following table applies:" msgstr "" "Cuando la aplicación llama más tarde a una de los seis primitivas de PAM, la " "biblioteca PAM recupera la cadena para la funcionalidad correspondiente y " "llama a la función apropiada del servicio en cada módulo del listado en la " "cadena, en el orden en el que fueron listados en la configuración. Después " "de cada llamada a una función del servicio, el tipo de módulo y el código de " "error devuelto por la función del servicio se utilizan para determinar qué " "sucede a continuación. Con algunas excepciones, que se analizaran a " "continuación, se aplica la siguiente tabla:" #. type: Block title #: documentation/content/en/articles/pam/_index.adoc:439 #, no-wrap msgid "PAM Chain Execution Summary" msgstr "Resumen de la ejecución del chain en PAM" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:444 #, no-wrap msgid "PAM_SUCCESS" msgstr "PAM_SUCCESS" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:445 #, no-wrap msgid "PAM_IGNORE" msgstr "PAM_IGNORE" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:447 #, no-wrap msgid "other" msgstr "other" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:448 #, no-wrap msgid "binding" msgstr "binding" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:449 #: documentation/content/en/articles/pam/_index.adoc:464 #, no-wrap msgid "if (!fail) break;" msgstr "if (!fail) break;" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:450 #: documentation/content/en/articles/pam/_index.adoc:454 #: documentation/content/en/articles/pam/_index.adoc:455 #: documentation/content/en/articles/pam/_index.adoc:459 #: documentation/content/en/articles/pam/_index.adoc:460 #: documentation/content/en/articles/pam/_index.adoc:465 #: documentation/content/en/articles/pam/_index.adoc:467 #: documentation/content/en/articles/pam/_index.adoc:469 #: documentation/content/en/articles/pam/_index.adoc:470 #: documentation/content/en/articles/pam/_index.adoc:471 #, no-wrap msgid "-" msgstr "-" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:452 #: documentation/content/en/articles/pam/_index.adoc:457 #, no-wrap msgid "fail = true;" msgstr "fail = true;" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:453 #, no-wrap msgid "required" msgstr "required" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:458 #, no-wrap msgid "requisite" msgstr "requisite" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:462 #, no-wrap msgid "fail = true; break;" msgstr "fail = true; break;" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:463 #, no-wrap msgid "sufficient" msgstr "sufficient" #. type: Table #: documentation/content/en/articles/pam/_index.adoc:468 #, no-wrap msgid "optional" msgstr "optional" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:475 msgid "" "If `fail` is true at the end of a chain, or when a \"break\" is reached, the " "dispatcher returns the error code returned by the first module that failed. " "Otherwise, it returns `PAM_SUCCESS`." msgstr "" "Si `fail` es verdadero al final de una cadena, o cuando se alcanza un \"break" "\", el repartidor (dispatcher) devuelve el código de error devuelto por el " "primer módulo que falló. De lo contrario, devuelve `PAM_SUCCESS`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:477 msgid "" "The first exception of note is that the error code `PAM_NEW_AUTHTOK_REQD` is " "treated like a success, except that if no module failed, and at least one " "module returned `PAM_NEW_AUTHTOK_REQD`, the dispatcher will return " "`PAM_NEW_AUTHTOK_REQD`." msgstr "" "La primera excepción es que el código de error `PAM_NEW_AUTHTOK_REQD` se " "trata como un éxito, si ningún módulo falla y al menos un módulo devuelve " "`PAM_NEW_AUTHTOK_REQD`, el repartidor devolverá `PAM_NEW_AUTHTOK_REQD`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:479 msgid "" "The second exception is that man:pam_setcred[3] treats `binding` and " "`sufficient` modules as if they were `required`." msgstr "" "La segunda excepción es que man:pam_setcred[3] trata los módulos `binding` y " "`sufficient` como si fueran `required`." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:481 msgid "" "The third and final exception is that man:pam_chauthtok[3] runs the entire " "chain twice (once for preliminary checks and once to actually set the " "password), and in the preliminary phase it treats `binding` and `sufficient` " "modules as if they were `required`." msgstr "" "La tercera y última excepción es que man:pam_chauthtok[3] ejecuta la cadena " "entera dos veces (una para las comprobaciones preliminares y una para " "establecer realmente la contraseña), y en la fase preliminar trata los " "módulos `binding` y `sufficient` como si fueran `required`." #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:483 #, no-wrap msgid "FreeBSD PAM Modules" msgstr "Módulos PAM de FreeBSD" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:486 #, no-wrap msgid "man:pam_deny[8]" msgstr "man:pam_deny[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:490 msgid "" "The man:pam_deny[8] module is one of the simplest modules available; it " "responds to any request with `PAM_AUTH_ERR`. It is useful for quickly " "disabling a service (add it to the top of every chain), or for terminating " "chains of `sufficient` modules." msgstr "" "El módulo man:pam_deny[8] es uno de los módulos más sencillos que están " "disponibles; responde a cualquier petición con `PAM_AUTH_ERR`. Es útil para " "deshabilitar un servicio rápidamente (añádelo al comienzo de cada cadena), o " "para terminar cadenas de módulos `sufficient`." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:492 #, no-wrap msgid "man:pam_echo[8]" msgstr "man:pam_echo[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:496 msgid "" "The man:pam_echo[8] module simply passes its arguments to the conversation " "function as a `PAM_TEXT_INFO` message. It is mostly useful for debugging, " "but can also serve to display messages such as \"Unauthorized access will be " "prosecuted\" before starting the authentication procedure." msgstr "" "El módulo man:pam_echo[8] simplemente pasa sus argumentos a la función de " "conversación como un mensaje `PAM_TEXT_INFO`. Es más útil para depurar, pero " "también puede servir para mostrar mensajes como \"El uso no autorizado será " "perseguido\" antes de iniciar el procedimiento de autenticación." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:498 #, no-wrap msgid "man:pam_exec[8]" msgstr "man:pam_exec[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:502 msgid "" "The man:pam_exec[8] module takes its first argument to be the name of a " "program to execute, and the remaining arguments are passed to that program " "as command-line arguments. One possible application is to use it to run a " "program at login time which mounts the user's home directory." msgstr "" "El módulo man:pam_exec[8] interpreta su primer argumento como el nombre de " "un programa a ejecutar, y el resto de argumentos son pasados a ese programa " "como argumentos de línea de comandos. Una posible aplicación es usarlo para " "ejecutar un programa que monte, en el momento de iniciar sesión, el " "directorio home del usuario." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:504 #, no-wrap msgid "man:pam_ftpusers[8]" msgstr "man:pam_ftpusers[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:507 msgid "The man:pam_ftpusers[8] module" msgstr "El módulo man:pam_ftpusers[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:509 #, no-wrap msgid "man:pam_group[8]" msgstr "man:pam_group[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:513 msgid "" "The man:pam_group[8] module accepts or rejects applicants on the basis of " "their membership in a particular file group (normally `wheel` for man:" "su[1]). It is primarily intended for maintaining the traditional behavior " "of BSD man:su[1], but has many other uses, such as excluding certain groups " "of users from a particular service." msgstr "" "El módulo man:pam_group[8] acepta o rechaza solicitantes basándose en su " "pertenencia a un grupo concreto (normalmente `wheel` para man:su[1]). Está " "pensado principalmente para mantener el comportamiento tradicional del " "man:su[1] de BSD, pero tiene muchos otros usos, como excluir a ciertos " "grupos de usuarios de un determinado servicio." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:515 #, no-wrap msgid "man:pam_guest[8]" msgstr "man:pam_guest[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:520 msgid "" "The man:pam_guest[8] module allows guest logins using fixed login names. " "Various requirements can be placed on the password, but the default behavior " "is to allow any password as long as the login name is that of a guest " "account. The man:pam_guest[8] module can easily be used to implement " "anonymous FTP logins." msgstr "" "El módulo man:pam_guest[8] permite inicios de sesión de invitados utilizando " "nombres de inicio de sesión fijos. Se pueden establecer varios requisitos " "para la contraseña, pero el comportamiento por defecto es permitir " "cualquiera mientras que el nombre de inicio de sesión sea uno asociado a una " "cuenta de invitado. Se puede usar el módulo man:pam_guest[8] de forma " "sencilla para implementar inicios de sesión anónimos en FTP." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:522 #, no-wrap msgid "man:pam_krb5[8]" msgstr "man:pam_krb5[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:525 msgid "The man:pam_krb5[8] module" msgstr "El módulo man:pam_krb[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:527 #, no-wrap msgid "man:pam_ksu[8]" msgstr "man:pam_ksu[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:530 msgid "The man:pam_ksu[8] module" msgstr "El módulo man:pam_ksu[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:532 #, no-wrap msgid "man:pam_lastlog[8]" msgstr "man:pam_lastlog[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:535 msgid "The man:pam_lastlog[8] module" msgstr "El módulo man:pam_lastlog[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:537 #, no-wrap msgid "man:pam_login_access[8]" msgstr "man:pam_login_access[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:540 msgid "" "The man:pam_login_access[8] module provides an implementation of the account " "management primitive which enforces the login restrictions specified in the " "man:login.access[5] table." msgstr "" "El módulo man:pam_login_acces[8] proporciona una implementación de la " "primitiva de gestión de cuentas que aplica las restricciones de inicio de " "sesión especificadas en la tabla man:login.acces[5]." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:542 #, no-wrap msgid "man:pam_nologin[8]" msgstr "man:pam_nologin[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:546 msgid "" "The man:pam_nologin[8] module refuses non-root logins when [.filename]#/var/" "run/nologin# exists. This file is normally created by man:shutdown[8] when " "less than five minutes remain until the scheduled shutdown time." msgstr "" "El módulo man:pam_nologin[8] rechaza los inicios de usuarios que no sean " "root cuando existe el fichero [.filename]#/var/run/nologin#. Este fichero " "normalmente es creado por man:shutdown[8] cuando quedan menos de cinco " "minutos para el tiempo de apagado programado." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:548 #, no-wrap msgid "man:pam_opie[8]" msgstr "man:pam_opie[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:553 msgid "" "The man:pam_opie[8] module implements the man:opie[4] authentication " "method. The man:opie[4] system is a challenge-response mechanism where the " "response to each challenge is a direct function of the challenge and a " "passphrase, so the response can be easily computed \"just in time\" by " "anyone possessing the passphrase, eliminating the need for password lists. " "Moreover, since man:opie[4] never reuses a challenge that has been correctly " "answered, it is not vulnerable to replay attacks." msgstr "" "El módulo man:pam_opie[8] implementa el método de autenticación man:opie[4]. " "El sistema man:opie[4] es un mecanismo de reto-respuesta donde la respuesta " "a cada reto es una función directa del reto y de una clave, de forma que la " "respuesta se puede computar fácilmente \"en el momento\" por cualquiera que " "posea la clave, eliminando la necesidad de listas de contraseñas. Además, " "como man:opie[4] nunca reutiliza un reto que ha sido contestado " "correctamente, no es vulnerable a ataques de repetición." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:555 #, no-wrap msgid "man:pam_opieaccess[8]" msgstr "man:pam_opieaccess[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:560 msgid "" "The man:pam_opieaccess[8] module is a companion module to man:pam_opie[8]. " "Its purpose is to enforce the restrictions codified in man:opieaccess[5], " "which regulate the conditions under which a user who would normally " "authenticate herself using man:opie[4] is allowed to use alternate methods. " "This is most often used to prohibit the use of password authentication from " "untrusted hosts." msgstr "" "El módulo man:pam_opieaccess[8] acompaña el módulo man:pam_opie[8]. Su " "propósito es aplicar las restricciones codificadas en man:opieaccess[5], que " "regulan las condiciones bajo las que un usuario que se autenticara " "normalmente con man:opie[4] se pueda autenticar usando métodos alternativos. " "Esto se usa principalmente para prohibir el uso de autenticación mediante " "contraseña desde máquinas en las que no se confía." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:562 msgid "" "In order to be effective, the man:pam_opieaccess[8] module must be listed as " "`requisite` immediately after a `sufficient` entry for man:pam_opie[8], and " "before any other modules, in the `auth` chain." msgstr "" "Para ser efectivo, el módulo man:pam_opieaccess[8] se debe listar como " "`requisite` justo después de una entrada `sufficient` para man:pam_opie[8], " "y antes que otros módulos, en la cadena `auth`." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:564 #, no-wrap msgid "man:pam_passwdqc[8]" msgstr "man:pam_passwdqc[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:567 msgid "The man:pam_passwdqc[8] module" msgstr "El módulo man:pam_passwdqc[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:569 #, no-wrap msgid "man:pam_permit[8]" msgstr "man:pam_permit[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:573 msgid "" "The man:pam_permit[8] module is one of the simplest modules available; it " "responds to any request with `PAM_SUCCESS`. It is useful as a placeholder " "for services where one or more chains would otherwise be empty." msgstr "" "El módulo man:pam_permit[8] es uno de los módulos disponibles más simples; " "responde a cualquier petición con `PAM_SUCCESS`. Es útil como parámetro de " "sustitución para servicios donde una o más cadenas de otro modo estarían " "vacías." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:575 #, no-wrap msgid "man:pam_radius[8]" msgstr "man:pam_radius[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:578 msgid "The man:pam_radius[8] module" msgstr "El módulo man:pam_radius[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:580 #, no-wrap msgid "man:pam_rhosts[8]" msgstr "man:pam_rhosts[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:583 msgid "The man:pam_rhosts[8] module" msgstr "El módulo man:pam_rhosts[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:585 #, no-wrap msgid "man:pam_rootok[8]" msgstr "man:pam_rootok[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:589 msgid "" "The man:pam_rootok[8] module reports success if and only if the real user id " "of the process calling it (which is assumed to be run by the applicant) is " "0. This is useful for non-networked services such as man:su[1] or man:" "passwd[1], to which the `root` should have automatic access." msgstr "" "El módulo man:pam_rootok[8] reporta éxito si y sólo si el id del usuario " "real del proceso llamante (que se asume que es ejecutado por el solicitante) " "es 0. Esto es útil para servicios que no sean de red como man:su[1] o " "man:passwd[1], a los que `root` debería tener acceso automático." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:591 #, no-wrap msgid "man:pam_securetty[8]" msgstr "man:pam_securetty[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:594 msgid "The man:pam_securetty[8] module" msgstr "El módulo man:pam_securetty[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:596 #, no-wrap msgid "man:pam_self[8]" msgstr "man:pam_self[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:600 msgid "" "The man:pam_self[8] module reports success if and only if the names of the " "applicant matches that of the target account. It is most useful for non-" "networked services such as man:su[1], where the identity of the applicant " "can be easily verified." msgstr "" "El módulo man:pam_self[8] reporta éxito si y sólo si los nombres de los " "solicitantes concuerdan con el de la cuenta objetivo. Es útil para servicios " "no de red como man:su[1], donde la identidad del solicitante se puede " "verificar fácilmente." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:602 #, no-wrap msgid "man:pam_ssh[8]" msgstr "man:pam_ssh[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:608 msgid "" "The man:pam_ssh[8] module provides both authentication and session " "services. The authentication service allows users who have passphrase-" "protected SSH secret keys in their [.filename]#~/.ssh# directory to " "authenticate themselves by typing their passphrase. The session service " "starts man:ssh-agent[1] and preloads it with the keys that were decrypted in " "the authentication phase. This feature is particularly useful for local " "logins, whether in X (using man:xdm[8] or another PAM-aware X login manager) " "or at the console." msgstr "" "El módulo man:pam_ssh[8] proporciona tanto autenticación como servicios de " "sesión. El servicio de autenticación permite a los usuarios que tienen " "claves secretas de SSH protegidas por contraseña en su directorio [." "filename]#~/.ssh# autenticarse ellos mismos tecleando la contraseña. El " "servicio de sesión arranca man:ssh-agent[1] y lo precarga con las claves que " "se desencriptaron en la fase de autenticación. Esta característica es " "particularmente útil para inicios de sesión locales, ya sea en X (usando " "man:xdm[8] u otro gestor de sesiones de X que sea compatible con PAM) o en " "la consola." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:610 #, no-wrap msgid "man:pam_tacplus[8]" msgstr "man:pam_tacplus[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:613 msgid "The man:pam_tacplus[8] module" msgstr "El módulo man:pam_tacplus[8]" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:615 #, no-wrap msgid "man:pam_unix[8]" msgstr "man:pam_unix[8]" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:620 msgid "" "The man:pam_unix[8] module implements traditional UNIX(R) password " "authentication, using man:getpwnam[3] to obtain the target account's " "password and compare it with the one provided by the applicant. It also " "provides account management services (enforcing account and password " "expiration times) and password-changing services. This is probably the " "single most useful module, as the great majority of admins will want to " "maintain historical behavior for at least some services." msgstr "" "El módulo man:pam_unix[8] implementa la autenticación mediante contraseña " "tradicional de UNIX(R), usando man:getpwnam[3] para obtener la contraseña de " "la cuenta objetivo y comparándola con la proporcionada por el solicitante. " "También proporciona servicios de gestión de cuentas (forzando tiempos de " "expiración de cuentas y contraseñas) y servicios de cambio de contraseñas. " "Este es probablemente el módulo más útil ya que la mayoría de " "administradores querrán mantener este comportamiento histórico al menos para " "algunos servicios." #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:622 #, no-wrap msgid "PAM Application Programming" msgstr "Programación de aplicaciones PAM" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:625 #: documentation/content/en/articles/pam/_index.adoc:630 msgid "This section has not yet been written." msgstr "Esta sección aún no se ha escrito." #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:627 #, no-wrap msgid "PAM Module Programming" msgstr "Programación del módulo PAM" #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:635 #, no-wrap msgid "Sample PAM Application" msgstr "Ejemplo de aplicación PAM" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:642 msgid "" "The following is a minimal implementation of man:su[1] using PAM. Note that " "it uses the OpenPAM-specific man:openpam_ttyconv[3] conversation function, " "which is prototyped in [.filename]#security/openpam.h#. If you wish build " "this application on a system with a different PAM library, you will have to " "provide your own conversation function. A robust conversation function is " "surprisingly difficult to implement; the one presented in <> is a good starting point, but should not be used in real-world " "applications." msgstr "" "Lo que sigue es una implementación mínima de man:su[1] utilizando PAM. Date " "cuenta de que usa la función de conversación man:openpam_ttyconv[3] " "específica de OpenPAM, que tiene su prototipo en [.filename]#security/openpam" ".h#. Si quieres compilar esta aplicación en un sistema con una librería PAM " "diferente, tendrás que proporcionar tu propia función de conversación. Una " "función de conversación robusta es sorprendentemente difícil de implementar; " "la que se presenta en <> es un buen punto de partida, pero " "no debería utilizarse en aplicaciones en el mundo real." #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:646 #, no-wrap msgid "include::{include-path}su.c[]\n" msgstr "include::{include-path}su.c[]\n" #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:652 #, no-wrap msgid "Sample PAM Module" msgstr "Ejemplo de módulo PAM" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:656 msgid "" "The following is a minimal implementation of man:pam_unix[8], offering only " "authentication services. It should build and run with most PAM " "implementations, but takes advantage of OpenPAM extensions if available: " "note the use of man:pam_get_authtok[3], which enormously simplifies " "prompting the user for a password." msgstr "" "Lo siguiente es una implementación mínima de man:pam_unix[8], que sólo " "ofrece servicios de autenticación. Debería compilar con la mayoría de " "implementaciones de PAM, pero aprovecha las extensiones de OpenPAM si están " "disponibles: fíjate en el uso de man:pam_get_authtok[3], que simplifica " "enormemente preguntar por la contraseña de usuario." #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:660 #, no-wrap msgid "include::{include-path}pam_unix.c[]\n" msgstr "include::{include-path}pam_unix.c[]\n" #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:666 #, no-wrap msgid "Sample PAM Conversation Function" msgstr "Ejemplo de función de conversación PAM" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:671 msgid "" "The conversation function presented below is a greatly simplified version of " "OpenPAM's man:openpam_ttyconv[3]. It is fully functional, and should give " "the reader a good idea of how a conversation function should behave, but it " "is far too simple for real-world use. Even if you are not using OpenPAM, " "feel free to download the source code and adapt man:openpam_ttyconv[3] to " "your uses; we believe it to be as robust as a tty-oriented conversation " "function can reasonably get." msgstr "" "La función de conversación que se presenta abajo es una versión muy " "simplificada de la función man:openpam_ttyconv[3] de OpenPAM. Es " "completamente funcional y debería darle al lector una buena idea de cómo se " "debería de comportar una función de conversación, pero es de lejos demasiado " "simple como para usarla en el mundo real. Incluso si no usas OpenPAM, " "siéntete libre para descargarte el código fuente y adaptar " "man:openpam_ttyconv[3] a tus necesidades; creemos que es todo lo robusta que " "puede llegar a ser una función de conversación basada en tty." #. type: delimited block . 4 #: documentation/content/en/articles/pam/_index.adoc:675 #, no-wrap msgid "include::{include-path}converse.c[]\n" msgstr "include::{include-path}converse.c[]\n" #. type: Title == #: documentation/content/en/articles/pam/_index.adoc:680 #, no-wrap msgid "Further Reading" msgstr "Lecturas adicionales" #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:682 #, no-wrap msgid "Papers" msgstr "Artículos" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:685 msgid "" "Making Login Services Independent of Authentication Technologies Vipin " "Samar. Charlie Lai. Sun Microsystems." msgstr "" "Making Login Services Independent of Authentication Technologies Vipin " "Samar. Charlie Lai. Sun Microsystems." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:687 msgid "" "_link:https://pubs.opengroup.org/onlinepubs/8329799/toc.htm[X/Open Single " "Sign-on Preliminary Specification]_. The Open Group. 1-85912-144-6. June " "1997." msgstr "" "_link:https://pubs.opengroup.org/onlinepubs/8329799/toc.htm[X/Open Single " "Sign-on Preliminary Specification]_. The Open Group. 1-85912-144-6. June " "1997." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:689 msgid "" "_link:https://mirrors.kernel.org/pub/linux/libs/pam/pre/doc/draft-morgan-" "pam-07.txt[Pluggable Authentication Modules]_. Andrew G. Morgan. 1999-10-06." msgstr "" "_link:https://mirrors.kernel.org/pub/linux/libs/pam/pre/doc/draft-morgan-" "pam-07.txt[Pluggable Authentication Modules]_. Andrew G. Morgan. 1999-10-06." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:690 #, no-wrap msgid "User Manuals" msgstr "Manuales de usuario" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:693 msgid "" "_link:https://docs.oracle.com/cd/E26505_01/html/E27224/pam-1.html[PAM " "Administration]_. Sun Microsystems." msgstr "" "_link:https://docs.oracle.com/cd/E26505_01/html/E27224/pam-1.html[PAM " "Administration]_. Sun Microsystems." #. type: Title === #: documentation/content/en/articles/pam/_index.adoc:694 #, no-wrap msgid "Related Web Pages" msgstr "Páginas web relacionadas" #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:697 msgid "" "_link:https://www.openpam.org/[OpenPAM homepage]_ Dag-Erling Smørgrav. " "ThinkSec AS." msgstr "" "_link:https://www.openpam.org/[OpenPAM homepage]_ Dag-Erling Smørgrav. " "ThinkSec AS." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:699 msgid "" "_link:http://www.kernel.org/pub/linux/libs/pam/[Linux-PAM homepage]_ Andrew " "Morgan." msgstr "" "_link:http://www.kernel.org/pub/linux/libs/pam/[Linux-PAM homepage]_ Andrew " "Morgan." #. type: Plain text #: documentation/content/en/articles/pam/_index.adoc:700 msgid "_Solaris PAM homepage_. Sun Microsystems." msgstr "_Página de PAM de Solaris_. Sun Microsystems." #~ msgid "" #~ "include::shared/attributes/attributes-{{% lang %}}.adoc[] include::shared/" #~ "{{% lang %}}/teams.adoc[] include::shared/{{% lang %}}/mailing-lists." #~ "adoc[] include::shared/{{% lang %}}/urls.adoc[]" #~ msgstr "" #~ "include::shared/attributes/attributes-{{% lang %}}.adoc[]\n" #~ "include::shared/{{% lang %}}/teams.adoc[]\n" #~ "include::shared/{{% lang %}}/mailing-lists.adoc[]\n" #~ "include::shared/{{% lang %}}/urls.adoc[]"