Wednesday, 6 April 2022

Pluggable Authentication Modules (PAM)

Introduction
Many modules can be plugged into PAM. For example:
- pam_unix
- pam_ldap

There are some examples in the post on the passwd command.
On Ubuntu, logging in through getty also goes through PAM.


pam_unix
The description of pam_unix is given below. Since password hashes are no longer kept in /etc/passwd, it checks the entered password against the one stored in /etc/shadow.
NAME
   pam_unix - Module for traditional password authentication

SYNOPSIS
   pam_unix.so [...]

DESCRIPTION
   This is the standard Unix authentication module. It uses standard calls
   from the system's libraries to retrieve and set account information as
   well as authentication. Usually this is obtained from the /etc/passwd
   and the /etc/shadow file as well if shadow is enabled.

The nullok argument
The explanation is as follows. If the password field in /etc/shadow is empty, the user can log in without being asked for a password.
nullok
The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides this default.

(if it's enabled, and the password is empty, the module doesn't even ask for the password but accepts the login directly.)
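
An added example, not from the original post or from the PAM project: a small audit that reports active pam_unix.so lines carrying nullok together with accounts whose password field in /etc/shadow is empty, which is the combination described above. The file contents, account names and function names are constructed for illustration.

```python
# Added example: find where pam_unix's nullok meets an empty /etc/shadow field.
# All file contents below are constructed samples, not taken from a real host.

NULLOK_ARGS = {"nullok", "nullok_secure"}  # nullok_secure: older Debian/Ubuntu variant

def nullok_lines(pam_text, filename):
    """Return (filename, line_no) for active pam_unix.so lines that pass nullok."""
    hits = []
    for no, raw in enumerate(pam_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        for i, tok in enumerate(tokens):
            if tok.endswith("pam_unix.so"):     # bare name or full module path
                if NULLOK_ARGS & set(tokens[i + 1:]):
                    hits.append((filename, no))
                break
    return hits

def empty_password_accounts(shadow_text):
    """Return accounts whose second shadow field (the password hash) is empty."""
    names = []
    for raw in shadow_text.splitlines():
        fields = raw.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names

def audit(pam_files, shadow_text):
    """pam_files maps a file name to its text; report both findings together."""
    hits = [h for name, text in pam_files.items() for h in nullok_lines(text, name)]
    empty = empty_password_accounts(shadow_text)
    return {"nullok": hits, "empty": empty, "passwordless": bool(hits and empty)}

SAMPLE_PAM = {  # constructed
    "common-auth": "# auth stack\n"
                   "auth [success=1 default=ignore] pam_unix.so nullok\n"
                   "auth requisite pam_deny.so\n",
    "common-password": "password [success=1 default=ignore] pam_unix.so sha512\n",
    "disabled": "#auth required pam_unix.so nullok\n",
}
SAMPLE_SHADOW = (  # constructed; the hash is replaced by a placeholder
    "root:!:19088:0:99999:7:::\n"
    "alice:$y$PLACEHOLDER:19088:0:99999:7:::\n"
    "kiosk::19088:0:99999:7:::\n"
    "daemon:*:19088:0:99999:7:::\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_PAM, SAMPLE_SHADOW))
```

On a real system the inputs would be the files under /etc/pam.d and /etc/shadow, the latter readable only by root.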


getty - Login on Ubuntu

Introduction
The explanation is as follows:
First, you don't log in to a shell, you log in to a (virtual) terminal.
  • a getty program opens a tty port, prompts for a login name and invokes a login program (/bin/login by default - although Linux's agetty may be configured to use a non-standard login program)

  • the login program performs authentication and session setup, including initializing the environment and invoking the user's login shell.
In current Ubuntu systems, getty is managed as a systemd service (ex. getty@tty1.service for the virtual terminal tty1), and login uses the Pluggable Authentication Modules (PAM) subsystem for authentication - in particular, the pam_unix module is "for traditional password authentication".