Password Checking and Login Restrictions

does not replace the /bin/login executable. Even when  is running, passwords continue to be checked against /etc/passwd, the shadow password file, or the NIS passwd map. But  also performs more checks, described in the following section.
capamsc141
Privileged Access Manager
does not replace the /bin/login executable. Even when 
Privileged Access Manager
is running, passwords continue to be checked against /etc/passwd, the shadow password file, or the NIS passwd map. But 
Privileged Access Manager
also performs more checks, described in the following section.