Home > Articles > Programming > Android

  • Print
  • + Share This

PAM and Passwords Summary

Figure 5.2 reviews Example 5-3 on page 86 in its entirety. When Mary executes the passwd command, Linux-PAM is invoked. Linux-PAM reads the /etc/pam.d/passwd file and executes each module listed in order. First

Fig. 5.2 PAM-Controlled Password Change

Mary is authenticated with her old password; this occurs due to the pam_pwdb entry with module type auth. Second, pam_pwdb is invoked with module type account to verify Mary's account (and to check, for example, if password aging permits her to change it now). Third, Mary is prompted for the new password by the pam_cracklib entry with module type password. Fourth, and finally, after Mary has successfully entered a new password, pam_pwdb with module type password updates the pwdb library. Now she has a new password.


The root user is not subject to any of these constraints and may set any password for any user.

Notice that all four entries in /etc/pam.d/passwd use the control flag required, which means that all four modules must be satisfied in order for the password change to be successful.

Now that we have a fundamental understanding of PAM, let's go on and look at some of the other services it manages.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.