Pluggable Authentication Modules (PAM)

Giriş

PAM'e bir sürü module takılabilir. Örneğin

- pam_unix

- pam_ldap

passwd komutu yazısında bazı örnekler var

Ayrıca Ubuntuda getty de giriş için PAM'i kullanır

pam_unix

pam_unix'in açıklaması şöyle. /etc/passwd dosyası artık kullanılmadığına göre, /etc/shadow dosyasındaki şifreye göre şifreyi kontrol eder

NAME
   pam_unix - Module for traditional password authentication

SYNOPSIS
   pam_unix.so [...]

DESCRIPTION
   This is the standard Unix authentication module. It uses standard calls
   from the system's libraries to retrieve and set account information as
   well as authentication. Usually this is obtained from the /etc/passwd
   and the /etc/shadow file as well if shadow is enabled.

nullok alanı

Açıklaması şöyle. /etc/shadow dosyasında şire alanı boş ise şifre sormadan giriş yapılabilir

nullok
The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides this default.

(if it's enabled, and the password is empty, the module doesn't even ask for the password but accepts the login directly.)

getty - Ubuntu İçin Login

Giriş

Açıklaması şöyle

First, you don't log in to a shell, you log in to a (virtual) terminal.

• a getty program opens a tty port, prompts for a login name and invokes a login program (/bin/login by default - although Linux's agetty may be configured to use a non-standard login program)
• 
  
• the login program performs authentication and session setup, including initializing the environment and invoking the user's login shell.

In current Ubuntu systems, getty is managed as a systemd service (ex. getty@tty1.service for the virtual terminal tty1), and login uses the Pluggable Authentication Modules (PAM) subsystem for authentication - in particular, the pam_unix module is "for traditional password authentication".