Steps after username and password are entered!

Hi,

I know this sounds like a crazy question... but I am just curious to know what happens next when I enter username and password and hit enter on a new Unix session (using PuTTY)? I mean, which file gets executed, how the default login shell is determined, etc...

regards
juzz4fun

If you log in to a local terminal, you talk to /bin/login; if you log in with sshd it goes its own way, but these days everything talks to the same login system -- pam (pluggable authentication modules). It's not a program, it's a library, and it's very very picky about what it talks to, all controlled by configuration files under /etc/pam.d/

It's very configurable, but you mostly see it used the traditional way, where it checks /etc/passwd for login information and /etc/shadow for passwords.

/etc/passwd is where things like the location of your home folder and your default shell are stored. It can be read by anyone. /etc/shadow, readable only by root, is where hashed passwords are stored -- passwords go through a one-way function like md5 or sha to scramble them. You can't turn it back into a password, you can only compare two hashes to see if they're the same. (And even that takes some effort, because pam 'salts' them with a small random string.)

Still, hashed passwords aren't invulnerable. With enough computing power, you can hash millions of possible passwords until you find a match. This is why the 'passwd' file doesn't contain passwords anymore; as computers became more powerful, the hashed passwords required better protection.

So pam compares the hash of the password you typed with the stored hash to see if they match, and if they do, makes the setuid() system call to change its process ID into a different user, and following that, executes your shell.

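The lookup described in the answer above, as an added example that is not part of the original thread: it joins passwd-format and shadow-format records by user name, reports the home directory and login shell, and identifies the hash scheme from the crypt(3) prefix so weak schemes stand out. The account data is constructed, and the names `classify` and `audit` are hypothetical.

```python
# Constructed sample data in /etc/passwd and /etc/shadow format (not real accounts).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/ksh
bob:x:1002:1002:Bob:/home/bob:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$1$CONSTRSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

# crypt(3) scheme identifiers found between the first two '$' signs.
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
WEAK = {"md5-crypt", "des-crypt"}  # fast hashes, cheap to brute-force offline

def classify(field):
    """Return (state, scheme) for the password field of one shadow line."""
    if not field:
        return ("no-shadow-entry" if field is None else "no-password"), None
    body = field.lstrip("!*")          # '!' or '*' prefix: password login is locked
    state = "locked" if body != field else "active"
    if not body:
        return state, None
    if body.startswith("$"):
        return state, SCHEMES.get(body.split("$")[1], "unknown")
    return state, "des-crypt"          # no '$' prefix: traditional DES crypt

def audit(passwd_text, shadow_text):
    """Join passwd and shadow by user name, as a login lookup would."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                   # skip blank or malformed lines
        name, _pw, uid, _gid, _gecos, home, shell = fields
        state, scheme = classify(shadow.get(name))
        report[name] = {"uid": int(uid), "home": home, "shell": shell,
                        "state": state, "scheme": scheme, "weak": scheme in WEAK}
    return report

if __name__ == "__main__":
    for user, info in audit(PASSWD, SHADOW).items():
        print(user, info)
```

To run it against a live system, pass in the contents of /etc/passwd and /etc/shadow; reading the latter requires root.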

Wow... you are something, Corona688! :)

Just wondering... the /etc/passwd file doesn't contain anything related to my userid/home dir/default shell... but it does contain info related to a couple of other folks who work with me as system admin....
Once the default shell is executed, the .profile file is read... I know I can modify my .profile file to contain exec bash to use bash instead of the default ksh
I was thinking if I can make bash a default shell itself...

Anyway, thank you for the information you provided.

So you connect using LDAP or NIS (NIS+) and the information is written elsewhere...
You didn't say what system the remote host was...

Apologies!
I was looking at an old passwd file... the new file does contain the required information...
Thanks everyone...

You can use chsh to change your default login shell.

Regards,
Alister