Authentication mechanisms in Linux
Before we learn about centralized authentication mechanisms, we need to learn how authentication works in Linux in general. Before a system can check user credentials, it needs to fetch user information first – let’s examine how information lookup works.
Information about users and groups is necessary for authentication, but it has many other uses. For example, file ownership information is usually displayed in a human-readable fashion, but internally, filesystems store numeric user and group identifiers, so even programs that have nothing to do with security, such as
ls, may need to have a way to look up information about users and groups to map their identifiers to names.
The POSIX API standard includes multiple functions for querying information about various entities such as users, groups, and hosts. For example,
gethostbyname(name) retrieves network addresses associated with a domain name, and