Today I studied Linux accounts and PAM again. Although I have used PAM before, I never studied Linux consistently, so I actually have a lot of areas where my knowledge is vague. It is really nice to see PAM again.

Let me begin with user accounts.

We all understand that passwd is used to store and configure user passwords under Linux. It can be a command to reset a password, or a file, /etc/passwd, that stores user information. There are actually two types of information that matter for a Linux user.

Account information: UID, default shell, home directory, group memberships … under /etc/passwd

Authentication: a method to verify that the password is correct during login.

By default, the authentication information is stored in /etc/shadow.

Let's see what's in those files:

[root@ls ~]# useradd tony
[root@ls ~]# passwd tony
Changing password for user tony.
New UNIX password: #here I typed 123
BAD PASSWORD: it is WAY too short
Retype new UNIX password:  #here I typed 123
passwd: all authentication tokens updated successfully.
[root@ls ~]# tail -n1 /etc/passwd
tony:x:501:501::/home/tony:/bin/bash
[root@ls ~]# tail -n1 /etc/shadow
tony:$1$ePbTlQEb$b7YsMvQmFoa154q0Xvkz4.:14753:0:99999:7:::

We can see that one line has been added to each file: one to /etc/passwd and one to /etc/shadow. The string after tony in the shadow line is tony's hashed password (traditionally called the "encrypted" password), and the system uses this line to check tony's password during login.
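As an added example (not part of the original post), the Python sketch below splits shadow lines into their fields and reports the hash scheme, salt and password-aging dates. The function names, the choice of which schemes count as weak, and every sample line except tony's are assumptions made for this illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# crypt(3) ids whose field layout is $id$[rounds=N$]salt$hash
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}
WEAK = {"md5crypt", "des"}  # policy choice of this example

def classify_password(field):
    """Return (state, scheme, salt) for the second field of a shadow line."""
    if field == "":
        return "empty", None, None            # account needs no password
    if field[0] in "!*":
        return "locked", None, None           # no password hashes to this value
    if not field.startswith("$"):
        return "set", "des", field[:2]        # traditional crypt, 2-char salt
    parts = field.split("$")                  # ['', id, (rounds=N,) salt, hash]
    if parts[1] not in SCHEMES or len(parts) < 4:
        return "set", "other", None
    salt = parts[3] if parts[2].startswith("rounds=") else parts[2]
    return "set", SCHEMES[parts[1]], salt

def audit_shadow_line(line, today):
    """Parse one shadow line and list findings as of `today`."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(f))
    state, scheme, salt = classify_password(f[1])
    # Field 3 is days since 1970-01-01; field 5 is the maximum password age.
    changed = EPOCH + timedelta(days=int(f[2])) if f[2] else None
    expires = changed + timedelta(days=int(f[4])) if changed and f[4] else None
    findings = []
    if state == "empty":
        findings.append("no password required")
    if state == "set" and scheme in WEAK:
        findings.append("weak hash scheme: " + scheme)
    if state == "set" and f[2] == "0":
        findings.append("must change at next login")
    elif state == "set" and expires and today > expires:
        findings.append("password expired")
    return {"user": f[0], "state": state, "scheme": scheme, "salt": salt,
            "last_change": changed, "expires": expires, "findings": findings}

# First line is from the session above; the rest are constructed samples.
SAMPLES = [
    "tony:$1$ePbTlQEb$b7YsMvQmFoa154q0Xvkz4.:14753:0:99999:7:::",
    "alice:$6$rounds=5000$Sa1tSa1t$CONSTRUCTEDHASH:19000:0:90:7:::",
    "svc:!!:14753:0:99999:7:::",
    "guest::14753:0:99999:7:::",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_shadow_line(sample, today=date(2023, 1, 1)))
```

For tony's line this reports the $1$ (MD5-crypt) scheme, the salt ePbTlQEb, and a last password change on day 14753 after the epoch.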

Account information is actually provided by a name service. We can define how name services work by configuring the Name Service Switch (NSS). Its configuration file is /etc/nsswitch.conf.

In this file, we can see some familiar name services, like hosts, passwd, networks and shadow. By default, each of them is followed by the single word files, which means the information is looked up in local files. If we change the passwd line to passwd: files nis ldap, it specifies that for information typically stored in /etc/passwd, the system looks first in local files, then on the NIS server, and finally on the LDAP server.
