The difference between /etc/pam.d/login and /etc/pam.d/system-auth?
Solution 1:
The /etc/pam.d/system-auth file is used by Red-Hat and like systems to group together common security policies. It is often included in other /etc/pam.d policy files where those common policies are required.
When accessing a system via ssh through sshd, the /etc/pam.d/sshd policy file is consulted. This file includes /etc/pam.d/system-auth so your changes to /etc/pam.d/system-auth are valid.
The file /etc/pam.d/login is consulted when you log in via the /bin/login program therefore any changes to it only affect /bin/login.
Solution 2:
- login - rules for local (console) login
- system-auth - common rules for many services
- password-auth - common rules for many remote services
- sshd - rules for SSHD daemon only
Solution 3:
Now I am not very clear about the difference between /etc/pam.d/login and /etc/pam.d/system-auth. Could anyone give me some reference or some guide?
OpenSSH uses the /etc/pam.d/sshd module. /etc/pam.d/sshd:
auth include system-auth
OpenSSH does not use /etc/pam.d/login to auth. /etc/pam.d/login and /etc/pam.d/system-auth are different modules for different programs.
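The include relationship described in the answers above can be checked mechanically before editing a shared policy file. The following is an added example, not part of any of the original answers: it walks a pam.d directory and lists every service whose stack reaches a given file through `include` or `substack` lines, including nested ones. The function names and the sample file contents are constructed for illustration and are not copied from a real system.

```python
import os
import tempfile

def included_policies(path):
    """Names pulled into one policy file by 'include' or 'substack' lines."""
    names = set()
    with open(path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()  # drop comments
            # PAM line layout: <type> <control> <module-or-file> [args]
            if len(fields) >= 3 and fields[1] in ("include", "substack"):
                names.add(fields[2])
    return names

def services_affected_by(target, pam_dir="/etc/pam.d"):
    """Policy files that reach `target` directly or through nested includes."""
    direct = {}
    for name in os.listdir(pam_dir):
        full = os.path.join(pam_dir, name)
        if os.path.isfile(full):
            direct[name] = included_policies(full)

    def reaches(name, seen):
        if name in seen:  # guard against include loops
            return False
        seen.add(name)
        return any(inc == target or reaches(inc, seen)
                   for inc in direct.get(name, ()))

    return sorted(n for n in direct if n != target and reaches(n, set()))

# Constructed sample policy files (assumed contents, for the demo only).
SAMPLE = {
    "system-auth": "auth required pam_env.so\nauth sufficient pam_unix.so\n",
    "sshd": "auth include system-auth\naccount required pam_nologin.so\n",
    "login": "auth required pam_securetty.so\n# auth include system-auth\n",
    "su": "auth sufficient pam_rootok.so\nauth substack system-auth\n",
    "su-l": "auth include su\n",
}

def build_sample_dir():
    d = tempfile.mkdtemp()
    for name, text in SAMPLE.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
    return d

if __name__ == "__main__":
    d = build_sample_dir()
    print("system-auth ->", services_affected_by("system-auth", d))
    print("login       ->", services_affected_by("login", d))
```

On a real host, call `services_affected_by("system-auth")` with the default directory to see which services a change to that file will touch.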