Changes

Pluggable Authentication Modules (PAM)

1,281 bytes added, 17:24, 7 February 2014
The following lines were added (+) and removed (-):
PAM is not itself a password database; rather, its configuration tells the system exactly how to do the authentication. The PAM module pam_unix.so authenticates a user from /etc/shadow and is used to authenticate all users, local and remote, during login.

* Options can be passed to pam_unix in the /etc/pam.d/login file

Sample PAM application configuration file:

 #%PAM-1.0
 auth      required  pam_securetty.so
 auth      required  pam_unix.so nullok
 auth      required  pam_nologin.so
 account   required  pam_unix.so
 password  required  pam_cracklib.so retry=3
 password  required  pam_unix.so shadow nullok use_authtok
 session   required  pam_unix.so

Key configuration lines:

* auth required pam_securetty.so — This module ensures that if the user is trying to log in as root, the tty on which the user is logging in is listed in the /etc/securetty file, if that file exists.
* auth required pam_unix.so nullok — This module prompts the user for a password and then checks the password using the information stored in /etc/passwd and, if it exists, /etc/shadow.
* auth required pam_nologin.so — This is the final authentication step. It checks whether the /etc/nologin file exists. If it exists and the user is not root, authentication fails.
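Added example (not part of the original wiki page): a small Python parser for the type / control / module / arguments rule format of the sample file above, which lists the auth stack in evaluation order. It goes slightly beyond the page by flagging two settings based on pam_unix's documented behaviour (nullok permits empty passwords; use_authtok relies on an earlier password module). The names parse_pam, stack and audit are hypothetical, and the parser assumes every non-comment line is a rule.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "lineno type control module args")
TYPES = {"auth", "account", "password", "session"}
# type, control (keyword or [bracketed] form), module, optional arguments
RULE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# The sample file from this page, embedded so the example runs offline.
SAMPLE = """\
#%PAM-1.0
auth      required  pam_securetty.so
auth      required  pam_unix.so nullok
auth      required  pam_nologin.so
account   required  pam_unix.so
password  required  pam_cracklib.so retry=3
password  required  pam_unix.so shadow nullok use_authtok
session   required  pam_unix.so
"""

def parse_pam(text):
    """Return the rules of a PAM service file in stack order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and the #%PAM header
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m or m.group(1).lstrip("-") not in TYPES:
            raise ValueError(f"line {lineno}: not a 'type control module' rule")
        rules.append(Rule(lineno, m.group(1).lstrip("-"), m.group(2),
                          m.group(3), m.group(4).split()))
    return rules

def stack(rules, mtype):
    """Modules of one type in the order PAM evaluates them."""
    return [r.module for r in rules if r.type == mtype]

def audit(rules):
    """Flag settings a reviewer would question; returns (lineno, message) pairs."""
    findings, earlier_password_module = [], False
    for r in rules:
        if r.module == "pam_unix.so" and "nullok" in r.args:
            findings.append((r.lineno, f"{r.type}: nullok permits empty passwords"))
        if r.type == "password":
            if "use_authtok" in r.args and not earlier_password_module:
                findings.append((r.lineno, "use_authtok but no earlier password module"))
            earlier_password_module = True
    return findings

if __name__ == "__main__":
    rules = parse_pam(SAMPLE)
    print("auth stack:", " -> ".join(stack(rules, "auth")))
    for lineno, msg in audit(rules):
        print(f"line {lineno}: {msg}")
```

On the sample file the audit reports the two nullok rules; removing nullok from both leaves no findings.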