The difference between /etc/pam.d/login and /etc/pam.d/system-auth?
/etc/pam.d/system-auth file is used by Red-Hat and like systems to group together common security policies. It is often included in other
/etc/pam.d policy files where those common policies are required.
When accessing a system via ssh through sshd, the
/etc/pam.d/sshd policy file is consulted. This file includes
/etc/pam.d/system-auth so your changes to
/etc/pam.d/system-auth are valid.
/etc/pam.d/login is consulted when you log in via the
/bin/login program therefore any changes to it only affect
- login - rules for local (console login)
- system-auth - common rules many services
- password-auth - common rules for many remote services
- sshd - rules for SSHD daemon only
Now I am not very clear about the difference between /etc/pam.d/login and /etc/pam.d/system-auth. Could anyone give me some reference or some guide?
OpenSSH use /etc/pam.d/sshd module. /etc/pam.d/sshd:
auth include system-auth
OpenSSH not use /etc/pam.d/login to auth. /etc/pam.d/login and /etc/pam.d/system-auth is different modules to different programs.