How to check if an authentication method is enabled in Linux


Introduction

In this lab, you will learn how to check which authentication methods are enabled on a Linux system. We will explore key configuration files that govern how users are authenticated and authorized.

You will begin by examining the PAM (Pluggable Authentication Modules) configuration files located in /etc/pam.d/ to understand the basic framework for authentication. Next, you will inspect the SSSD (System Security Services Daemon) configuration file at /etc/sssd/sssd.conf to see if it's configured for remote identity sources. Finally, you will check the NSS (Name Service Switch) configuration in /etc/nsswitch.conf to determine the order in which the system looks up user and group information. By the end of this lab, you will have a foundational understanding of where to look to identify the active authentication methods on a Linux system.



Check PAM config with ls /etc/pam.d

In this step, we'll start exploring how Linux handles user authentication and authorization. One key component is PAM, which stands for Pluggable Authentication Modules. PAM provides a flexible way to manage how users log in, change passwords, and access system resources.

Think of PAM as a set of rules that applications (like the login screen or sudo) consult before allowing a user to perform an action. These rules are defined in configuration files, primarily located in the /etc/pam.d/ directory.

Let's take a look at the PAM configuration files on this system. We'll use the ls command, which lists directory contents.

Open your terminal if it's not already open. Remember, you can find the Xfce Terminal icon on the left side of your desktop.

Type the following command and press Enter:

ls /etc/pam.d/

You will see a list of files. Each file typically corresponds to a service or application that uses PAM for authentication. For example, you might see files like common-auth, login, sudo, sshd, etc.

atd
chfn
chsh
common-account
common-auth
common-password
common-session
common-session-noninteractive
cron
... (output may vary)

These files contain the specific PAM rules for each service. We won't dive into the details of the file contents just yet, but it's important to know where these configurations live.

Understanding PAM is crucial for managing user access and security in Linux. By listing the contents of /etc/pam.d/, you've taken the first step in seeing how authentication is configured on this system.
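Listing the directory shows which services have PAM rules, but not which modules actually handle authentication. The following added example (not part of the original lab) reads the `auth` lines of every file in a PAM directory and prints the module each one loads. The function names `pam_auth_modules` and `pam_uses` are hypothetical, and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# pam_auth_modules DIR -> prints "service module" pairs from auth lines, sorted.
# "auth include X" / "auth substack X" lines show the referenced file name X.
pam_auth_modules() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v svc="$(basename "$f")" '
            /^[ \t]*#/ { next }                        # skip comments
            $1 == "@include" { print svc, "@include=" $2 }  # reported, not expanded
            $1 == "auth" || $1 == "-auth" {
                i = 2
                if ($i ~ /^\[/) {                      # [success=1 default=ignore] control
                    while (i <= NF && $i !~ /\]$/) i++
                }
                i++                                    # field after the control is the module
                if (i <= NF) print svc, $i
            }' "$f"
    done | sort -u
}

# pam_uses DIR MODULE -> exit 0 if any service names MODULE on an auth line.
pam_uses() {
    pam_auth_modules "$1" | awk -v m="$2" '$2 == m { found = 1 } END { exit !found }'
}

# Constructed sample directory (not copied from a real system).
SAMPLE_PAM=$(mktemp -d)
cat > "$SAMPLE_PAM/common-auth" <<'EOF'
# constructed sample
auth    [success=1 default=ignore]  pam_unix.so nullok
auth    requisite                   pam_deny.so
auth    required                    pam_permit.so
EOF
cat > "$SAMPLE_PAM/sshd" <<'EOF'
@include common-auth
account required pam_nologin.so
EOF

pam_auth_modules "$SAMPLE_PAM"
# On a real host: pam_auth_modules /etc/pam.d
```

A service such as sshd in this sample has no `auth` line of its own; its authentication behaviour comes entirely from the included file, so follow each `@include` reference when auditing.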


Verify SSSD config with cat /etc/sssd/sssd.conf

In this step, we'll look at another important component related to user management and authentication: SSSD. SSSD stands for System Security Services Daemon. It's a service that provides access to remote authentication and identity sources like LDAP, Active Directory, or FreeIPA.

SSSD can cache credentials and information, which improves performance and allows users to authenticate even if the network connection to the remote source is temporarily unavailable.

The main configuration file for SSSD is typically located at /etc/sssd/sssd.conf. We'll use the cat command, a simple utility that prints the contents of files, to display it.

Type the following command in your terminal and press Enter:

cat /etc/sssd/sssd.conf

You will see the configuration details for SSSD. The content of this file will depend on whether SSSD is configured to connect to any external identity sources. On a basic system, the file might be minimal or contain default settings.

[sssd]
domains =
config_file_version = 2
services = nss, pam

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

This output shows the basic structure of the sssd.conf file. The [sssd] section contains global settings, and the services line indicates that SSSD is providing services for nss (Name Service Switch) and pam. The [nss] and [pam] sections contain settings specific to those services.

Even if SSSD isn't fully configured for a remote source, its presence and basic configuration in sssd.conf indicate that the system is set up to potentially use it for authentication and identity lookups.

Examining this file helps you understand if your system is configured to use SSSD and which services it's integrated with.


Inspect NSS config with cat /etc/nsswitch.conf

In this final step of this introductory lab, we'll examine the Name Service Switch (NSS) configuration. NSS is a crucial part of how Linux systems determine where to look for information about users, groups, hostnames, and other network-related data.

When a program needs to look up a user's information (like their user ID or home directory), it consults the NSS configuration to know which sources to check and in what order. These sources can include local files (like /etc/passwd and /etc/group), DNS, LDAP, or services like SSSD (which we just looked at).

The configuration file for NSS is /etc/nsswitch.conf. We'll use the cat command again to view its contents.

Type the following command in your terminal and press Enter:

cat /etc/nsswitch.conf

You will see lines specifying which sources to use for different types of information. Each line starts with the type of information (e.g., passwd, group, hosts) followed by a colon and a list of sources to check.

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information.

passwd:         compat systemd
group:          compat systemd
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

In this example output:

  • passwd: compat systemd means that when looking up user information, the system should first check sources configured by compat (often referring to traditional files like /etc/passwd) and then systemd.
  • hosts: files dns means that when resolving hostnames, the system should first check the local /etc/hosts file (files) and then use DNS.

The order of the sources on each line is important, as the system checks them sequentially until it finds the requested information.

Understanding nsswitch.conf helps you troubleshoot issues related to user logins, hostname resolution, and other identity-related problems by showing you the order in which your system looks up this information.
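Reading the two files side by side answers the question in this lab's title for SSSD: it only takes part in user lookups when nsswitch.conf lists `sss` for `passwd` and sssd.conf names at least one domain. The following is an added example, not part of the original lab; the function names are hypothetical, the "page" files reuse lines from the sample outputs above, and the "sss" files are constructed.

```shell
#!/bin/sh
# nss_sources DB FILE -> sources for one database, in lookup order, one per line.
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                            # drop comments
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; continue }  # skip [NOTFOUND=return]
                print $i
            }
        }' "$2"
}

# sssd_domains FILE -> value of "domains" in the [sssd] section (may be empty).
sssd_domains() {
    awk -F= '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[sssd\]/); next }
        insec && $1 ~ /^[ \t]*domains[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2
        }' "$1"
}

# sssd_in_use NSSWITCH SSSD_CONF -> exit 0 only if passwd lists "sss" AND a domain is set.
# sssd.conf is normally readable by root only, so run this as root on a real host.
sssd_in_use() {
    nss_sources passwd "$1" | grep -qx sss || return 1
    [ -r "$2" ] && [ -n "$(sssd_domains "$2")" ]
}

# Sample inputs: "page" mirrors the lab's outputs, "sss" is a constructed variant.
D=$(mktemp -d)
printf 'passwd: compat systemd\nhosts: files dns\n' > "$D/nss_page"
printf '[sssd]\ndomains =\nservices = nss, pam\n' > "$D/sssd_page"
printf 'passwd: files sss   # constructed\nhosts: files [NOTFOUND=return] dns\n' > "$D/nss_sss"
printf '[sssd]\ndomains = example.test\n[domain/example.test]\nid_provider = ldap\n' > "$D/sssd_sss"

for pair in page sss; do
    if sssd_in_use "$D/nss_$pair" "$D/sssd_$pair"; then state=yes; else state=no; fi
    echo "$pair: passwd sources = $(nss_sources passwd "$D/nss_$pair" | tr '\n' ' ') SSSD in use = $state"
done
```

On a real system, call `sssd_in_use /etc/nsswitch.conf /etc/sssd/sssd.conf`; with the lab's sample files the answer is "no", because `domains =` is empty and `sss` is not among the passwd sources.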

You've now had a brief look at three key areas related to user management and authentication in Linux: PAM, SSSD, and NSS. This is a foundational step in understanding how your system handles identities and access.


Summary

In this lab, we began exploring how Linux manages user authentication by examining key configuration files. We first used ls /etc/pam.d/ to list the Pluggable Authentication Modules (PAM) configuration files, which define authentication rules for various services and applications. This showed us where the core authentication policies are stored on the system.

Next, we started to investigate the System Security Services Daemon (SSSD) by attempting to view its configuration file at /etc/sssd/sssd.conf using the cat command. SSSD is a crucial service for integrating with remote identity and authentication sources, and examining its configuration helps determine if and how the system is configured to authenticate against external directories.