Programs that give privileges to users must properly authenticate (verify
the identity of) each user. When you log in to a system, you
provide your username and password, and the login process uses the
username and password to authenticate the login — to verify that you
are who you say you are. Forms of authentication other than passwords are
possible, and the passwords can be stored in different ways.
Pluggable Authentication Modules (PAM) is a way of allowing the system
administrator to set an authentication policy without having to recompile
authentication programs. With PAM, you control how particular
authentication modules are plugged into a program by editing that
program's PAM configuration file in /etc/pam.d.
Most Red Hat Linux users will never need to alter PAM configuration files for any
of their programs. When you use RPM to
install programs that require authentication, they automatically make the
changes necessary to do normal password authentication using PAM. However,
if you need to customize your configuration, you must understand the
structure of a PAM configuration file. More information can be found in the section called PAM Modules.
When used correctly, PAM provides many advantages for a system
administrator, such as the following:
A common authentication scheme that can be used with a wide
variety of applications.
PAM can be implemented with various applications without having to
recompile the applications to specifically support PAM.
Great flexibility and control over authentication for the
administrator and application developer.
Application developers do not need to develop their program to use
a particular authentication scheme. Instead, they can focus purely
on the details of their program.
