Linux – Where does Linux check passwords

linuxpampassword

I know that passwords are stored in /etc/shadow

However, during the login process, I'm assuming that Linux take your username and password as an argument, encrypt your password with the same algorithm and compare it to the one stored in the shadow.

My question is, where does this process take place? (the code) I tried to search the PAM but I couldn't find anything useful there either.

Best Answer

Within PAM, for a local password stored in /etc/shadow, the job of checking the password is performed by pam_unix.

Under the hood, the verification is done by the crypt function. (Actually, in most cases, by crypt_r.) Note that despite the name, this function does not encrypt or decrypt the password, it hashes the password. The password field in /etc/shadow contains parameters for the hashing as well as the actual hash value.

The source code of the pam_unix module is part of Linux-PAM. The source code of the crypt function is part of the C library (Glibc).

Related Solutions

Can separate unix accounts share a username but have separate passwords

I don't believe that's possible. You could have two entries in /etc/passwd with the same user names but different UIDs, but the system would probably just ignore the second one (or misbehave in some way); arguably such an /etc/passwd file would be considered corrupt.

When you login to the system, you're first prompted for your user name. Once you've done that, the system prompts for your password, and checks whether the entered password matches the password for the account corresponding to that user name. By the time you're entering your password, the system has already determined what account you're trying to access.

I suppose you could modify various pieces of the system to get the behavior you want, but you'd have to replace several different pieces of software, including anything that authenticates and authorizes users (console login, su, ssh, and whatever other methods are enabled). Any mistakes would likely open huge gaping security holes.

EDIT : Based on the comments, PAM is probably the way to do this. I'm not familiar enough with PAM to go into more detail. (It's still a really bad idea.)

Linux – where is the PATH for users set in linux, before any shell, or sudo, pam.d changes it

It's hard-coded in the sshd binary.

$ strings /usr/sbin/sshd |grep /usr/local/bin
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games

In the OpenSSH portable code, that's _PATH_STDPATH which defaults to /usr/bin:/bin:/usr/sbin:/sbin for both root and non-root. The Debian build rules set this to /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin for root, /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games for non-root on Ubuntu, /usr/local/bin:/usr/bin:/bin on installation live media (udeb), and /usr/local/bin:/usr/bin:/bin:/usr/games for non-root otherwise.

Best Answer

Related Solutions

Can separate unix accounts share a username but have separate passwords

Linux – where is the PATH for users set in linux, before any shell, or sudo, pam.d changes it

Related Question