and compares them to the hashes in /etc/passwd or /etc/shadow?

This may help I suppose.

hmmm, when I enter my user name then my password then press enter which program/piece of software takes the password I entered then encrypts it into a hash then compares it?

“agetty” is the login manager, at least in Arch until systemd. I have “agetty” if I look in inittab on my system, which still functions without systemd. “agetty” can use glibc functions to make hash of the password you entered and then compare. But this is just a conjecture.

With PAM (Pluggable Authentication Modules), pretty much anything could be used. You would need to look at /etc/pam.d/system-auth and see what programs are invoked (e.g., pam_unix.so) and read their manpages to see how the password is checked.

No - agetty just initializes the terminal with the appropriate baud rate, bit rate, modem control... then it execs login (I believe it is a "login -p"), it is also possible that the username is read by agetty, and then execs "login <username>" to handle the password.

But it is login that reads the password, invokes a PAM module to hash it, then it proceeds to validate the user (home directory handling, proper shell - which may actually be tested first, security flags...), and then after validation, login execs the users shell.

If the user is not validated, then login exits... and the init process restarts the agetty to reset and reinitialize the terminal (this is partly to prevent any carry over data from a login, but mostly just to ensure the terminal is working properly).

1 members found this post helpful.