PAM

From Linux 101, The beginner's guide to all things Linux.

Linux-PAM is a free implementation of the following DCE-RFC from Sunsoft.

(From the FAQ)
Q1: What exactly is PAM?
A1: PAM = Pluggable Authentication Modules

Basically, it is a flexible mechanism for authenticating users.

Since the beginnings of UNIX, authenticating a user has been accomplished via the user entering a password and the system checking if the entered password corresponds to the encrypted official password that is stored in /etc/passwd . The idea being that the user is really that user if and only if they can correctly enter their secret password.

That was in the beginning. Since then, a number of new ways of authenticating users have become popular. Including more complicated replacements for the /etc/passwd file, and hardware devices Smart cards etc..

The problem is that each time a new authentication scheme is developed, it requires all the necessary programs (login, ftpd etc...) to be rewritten to support it.

PAM provides a way to develop programs that are independent of authentication scheme. These programs need "authentication modules" to be attatched to them at run-time in order to work. Which authentication module is to be attatched is dependent upon the local system setup and is at the discretion of the local system administrator.

This page was taken from the Linux-PAM (Pluggable Authentication Modules for Linux) website regarding What Is Linux-PAM?.