PAM in Linux :-
This module provides traditional Unix authentication, password management, and user account setup. It uses standard system calls to retrieve and set password and account information, and relies on /etc/shadow and/etc/passwd.
Establishes the validity of the user’s account and password and may offer advice on changing the user’s password, or force a password change. The actions this module performs are controlled by the/etc/passwd and /etc/shadow files.
Arguments: audit, debug.
This component of the module checks the user’s password against the password databases. Configuration for this component is done in /etc/nsswitch.conf. An additional binary, unix_chkpwd, is used to allow the component to read protected databases without requiring the whole module to besetuid root.
Arguments: audit, debug, nodelay, nullok, try_first_pass, use_first_pass.
This component changes the user’s password. The module pam_cracklib.so can be stacked with this component to check password security.
Arguments: audit, bigcrypt, debug, md5, nis, not_set_pass, nullok, remember, try_first_pass,use_authtok, and use_first_pass.
This component logs the user name and session type to syslog, at the start and end of the user’s session. There are no arguments to this component.
- audit — A more extensive form of debug
- bigcrypt — Use the DEC “C2” extension to crypt().
- debug — Log information using syslog
- md5 — Use md5 encryption instead of crypt().
- nis — Use NIS (Network Information Service) passwords.
- nodelay — By default, the module requests a delay-on-failure of a second. This argument overrides the default.
- not_set_pass — Don’t use the passwords from other stacked modules. Don’t give the new password to other stacked modules.
- nullok — By default, if the official password is blank, the authentication fails. This argument overrides the default.
- remember (remember=n) — Save n recent passwords to prevent the user from alternating passwords.
- try_first_pass — Use the password from the previous stacked auth module, and prompt for a new password if the retrieved password is blank or incorrect.
- use_authtok — Set the new password to the one provided by a previous module.
- use_first_pass — Use the result from the previous stacked auth module, never prompts the user for a password, fails if the result was a fail.