Today I learn Linux Account and PAM again. Although I used PAM before, due to lack of a consistent study of LINUX, I actually have a lot vague knowledge area, It is really nice to see PAM again.Let me begin with User Account.

We all understand that passwd is used to store and configure user password under LINUX. It can be a command to reset password or a file to store user information under /etc/passwd. There are acutully two types of information are useful for a LINUX user.

Account Information:UID, Default shell, home directory, group memberships

under /etc/passwdAuthentication: A method to tell that password is correct during login. By default, the authentification information is stored in /etc/shadow.

Lets see what `s under those files:

[root@ls ~]# useradd tony
[root@ls ~]# passwd tony
Changing password for user tony.
New UNIX password: #here I typed 123
BAD PASSWORD: it is WAY too short
Retype new UNIX password:  #here I typed 123 
passwd: all authentication tokens updated successfully.
[root@ls ~]# tail -n1 /etc/passwd
tony:x:501:501::/home/tony:/bin/bash
[root@ls ~]# tail -n1 /etc/shadow
tony:$1$ePbTlQEb$b7YsMvQmFoa154q0Xvkz4.:14753:0:99999:7:::

We can see one line under passwd and one line under shadow are added into two files. 
The hash codes after tony is encryped password for tony. 
And the system will use this line to match user tony`s password during login.

Account information actually is name service.
We can define how  Name Service works by configure Name Service Switch(NSS). 
It is under /etc/nsswitch.conf.

Under this file, we can see some familiar name services, 
like hosts, passwd, networks, shadow. By default, followed them there are one word files, 
which means it will find the information through local files.
If we change the line of passwd into passwd: files nis ldap , 
it specifies that for inormation typically stored in /etc/passwd, 
first look in local files, the NIS server, finnally LDAP server.

About Lei

I am an IT specialist with over 10 year experience - years on Automation, on-Premise or Azure.

I am happy to develop however never want be a full time developer. Only do what I have to do. If it has to be PowerShell,HTML, PHP, CSS, C#, VBS or JS, front end or backend, so be it, doesn't matter!

Spent years with Windows, SCCM, SharePoint, SQL and Exchange servers. For last several years, I have been actively working under On Premise > Azure environment.

THERE IS NO WAY BACK!!!

Current Certificates:
    Microsoft® Certified-
  • -Enterprise Administrator
  • -Database Administrator
  • -SharePoint Administrator
  • -Administering and Deploying SCCM 2012
Red Hat Certified Technician
ITIL V3 Foundation - Practitioner

Working on Azure Certificates now and hopefully they can stop upgrading their questions one day! GIVE ME A BREAK!

Contact Lei

Name *
Email *
Comments *

Traffic since 10/08/2016

Today13
Yesterday83
This week637
This month1933
Total416293

Visitor Info

  • IP: 54.221.73.186
  • Browser: Unknown
  • Browser Version:
  • Operating System: Unknown

Who Is Online

1
Online

2017-12-17

Login