The difference between pam_unix and pam_systemd


As far as I know, there are many PAM modules:

#ll /usr/lib64/security/ | grep pam | wc -l
57

#ll /usr/lib64/security/ | grep pam_unix.so
lrwxrwxrwx 1 root root     11 Apr 14 23:40 pam_unix_acct.so -> pam_unix.so
lrwxrwxrwx 1 root root     11 Apr 14 23:40 pam_unix_auth.so -> pam_unix.so
lrwxrwxrwx 1 root root     11 Apr 14 23:40 pam_unix_passwd.so -> pam_unix.so
lrwxrwxrwx 1 root root     11 Apr 14 23:40 pam_unix_session.so -> pam_unix.so
-rwxr-xr-x 1 root root  57688 Dec 13  2015 pam_unix.so

#ll /usr/lib64/security/ | grep pam_systemd.so
-rwxr-xr-x 1 root root 267840 Sep 18  2016 pam_systemd.so

But what is the difference between pam_unix and pam_systemd?

For example: crond

When I mask systemd-logind, I find that: crond process -> pam_systemd -> systemd-logind. But what makes crond decide to call pam_systemd but not pam_unix? What is the difference between pam_unix and pam_systemd?

crond[48269]: pam_systemd(crond:session): Failed to create session: Unit systemd-logind.service is masked.

Best Answer

PAM means Pluggable Authentication Module and is based on RFC 86.0.

pam_unix and pam_systemd are two different modules with different roles. According to their respective man pages:

pam_unix [is the m]odule for traditional password authentication

[...]

This is the standard Unix authentication module. It uses standard calls from the system's libraries to retrieve and set account information as well as authentication. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled.

and

pam_systemd [r]egister[s] user sessions in the systemd login manager

[...]

pam_systemd registers user sessions with the systemd login manager systemd-logind.service(8), and hence the systemd control group hierarchy.
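
As an added example (not part of the original answer, and not code from the PAM or systemd projects): which modules a service such as crond calls is set by its PAM service file, normally /etc/pam.d/<service>, and the log line in the question names module, service and type as pam_systemd(crond:session). The sketch below resolves the module stack for one service and type, following include and substack lines; the file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample service files (assumed contents modelled on a typical
# /etc/pam.d layout; not taken from the page or from any real host).
SAMPLE = {
    "crond": """#%PAM-1.0
auth       include    password-auth
account    include    password-auth
session    required   pam_loginuid.so
session    include    password-auth
""",
    "password-auth": """auth      sufficient  pam_unix.so nullok try_first_pass
auth      required    pam_deny.so
account   required    pam_unix.so
password  sufficient  pam_unix.so sha512 shadow
session   required    pam_limits.so
-session  optional    pam_systemd.so
session   [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session   required    pam_unix.so
""",
}

# [-]type  control-or-[bracketed control]  module-or-included-file  args
LINE = re.compile(r"^(-?)(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def resolve(service, mtype, files, depth=0):
    """Return [(control, module, missing_ok)] run for service/mtype, in order."""
    if depth > 8:                          # guard against include loops
        raise ValueError("include depth exceeded")
    out = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("@include"):    # Debian-style directive
            out += resolve(line.split()[1], mtype, files, depth + 1)
            continue
        m = LINE.match(line)
        if not m or m.group(2) != mtype:   # blank line or another type
            continue
        dash, _, control, module, _args = m.groups()
        if control in ("include", "substack"):
            out += resolve(module, mtype, files, depth + 1)
        else:
            out.append((control, module.rsplit("/", 1)[-1], dash == "-"))
    return out

def types_loading(service, module, files):
    """Management types of `service` whose stack contains `module`."""
    return [t for t in ("auth", "account", "password", "session")
            if any(mod == module for _, mod, _ in resolve(service, t, files))]
```

With the sample files, `types_loading("crond", "pam_systemd.so", SAMPLE)` returns only the session type, while pam_unix.so appears under auth, account and session. On a real host, load the contents of /etc/pam.d into the `files` dict instead of `SAMPLE`.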