Welcome to pam_xacml!

Please note that this page is a work in progress...

pam_xacml provides XACML support for many existing PAM-enabled applications and does not require changes to their code. XACML authorization with pam_xacml can be enabled simply through the PAM configuration. The pam_xacml module currently works with the sunxacml implementation and Joseph Bester's PDP. Our code was written with extensibility for other XACML Policy Decision Points in mind. Please refer to Information for Developers and contact us if you want to add support for other XACML PDPs.

pam_xacml also introduces a simplified XACML PAM conversation function for application developers who want to support XACML directly without committing to a specific XACML framework.

The current code is NOT intended for production use. It is intended for evaluating the use of XACML policies in different scenarios with out-of-the-box unix applications.

pam_xacml is distributed under the LGPL license. Some third-party contributions in the distribution are subject to different licenses.

What is this XACML thing?

The eXtensible Access Control Markup Language (XACML) allows generic access control policies to be expressed in XML format. Today, authorization policies are formulated separately for each individual service, which makes it difficult to state the access rights of individual users. XACML allows for unified authorization policies: use one consistent XACML policy for multiple services! The problem with XACML is that only a few applications support XACML authorization.


