The example in Chapter 2 discussed how to get PAM to mount encrypted home directories transparently as you log in. Both Linux and OpenBSD support encrypted home directories, but the configuration is slightly different. The previous chapters have provided the background, and it is time to return to the example in order to understand it.
The authentication configuration can be boiled down to this(the /etc/pam.d/common-auth
file in many current Linux distributions):
auth required pam_unix.so nullok_secure auth optional pam_mount use_first_pass
The first line does the actual authentication of the user. The classic UNIX style (pam_unix) is chosen, but it is not hard to imagine using another back end, for example, LDAP or NIS. It is required that the user is authenticated, and if the user is either not found or the password is wrong, the login is rejected. In the second line, the password from the first module (pam_unix.so) is reused (the use_first_pass option), and...