As I know, there are many pam modules
#ll /usr/lib64/security/ | grep pam | wc -l
57
#ll /usr/lib64/security/ | grep pam_unix.so
lrwxrwxrwx 1 root root 11 Apr 14 23:40 pam_unix_acct.so -> pam_unix.so
lrwxrwxrwx 1 root root 11 Apr 14 23:40 pam_unix_auth.so -> pam_unix.so
lrwxrwxrwx 1 root root 11 Apr 14 23:40 pam_unix_passwd.so -> pam_unix.so
lrwxrwxrwx 1 root root 11 Apr 14 23:40 pam_unix_session.so -> pam_unix.so
-rwxr-xr-x 1 root root 57688 Dec 13 2015 pam_unix.so
#ll /usr/lib64/security/ | grep pam_systemd.so
-rwxr-xr-x 1 root root 267840 Sep 18 2016 pam_systemd.so
but, what is the difference between pam_unix
and pam_systemd
?
For example: crond
when I mask systemd-logind
, I find that: crond process —->pam_systemd——>systemd-logind, but, what makes crond decide to call pam_systemd
but not pam_unix
? what difference between pam_unix
and pam_systemd
?
crond[48269]: pam_systemd(crond:session): Failed to create session: Unit systemd-logind.service is masked.
Best Answer
PAM means Pluggable Authentication Module and is based on RFC 86.0.
pam_unix
andpam_systemd
are two different modules with different roles. According to their respective man pages:and