Chapter 7. Pluggable Authentication Modules (PAM)

Programs that give privileges to users must properly authenticate each
user. For instance, when you log into a system, you provide your username
and password, and the login process uses this username and password to
verify your identity.

Pluggable Authentication Modules (PAM) allow the
system administrator to set authentication policies for PAM-aware
applications without having to recompile authentication programs. PAM does
this through a pluggable, modular architecture. The modules PAM
calls for a particular application are determined by that
application's PAM configuration file in the
/etc/pam.d/ directory.

In most situations, you will never need to alter the default PAM configuration
files for a PAM-aware application. Whenever you use RPM to install programs
that require authentication, they automatically make the changes necessary
to do normal password authentication using PAM. However, if you need to
customize the PAM configuration file, you must understand the structure of
this file (see the section called "PAM Configuration Files" for more information).
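
The following is an added example, not part of the original guide: a small reader for one service file from /etc/pam.d/ that lists the modules PAM calls in order and flags two settings that weaken authentication. It assumes the standard Linux-PAM rule layout (type, control, module path, arguments); the sample file is constructed, and the names parse_pam, stack and audit are illustrative.

```python
import re

TYPES = {"auth", "account", "password", "session"}
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

# Constructed sample of a service file such as /etc/pam.d/<service>.
SAMPLE = r"""#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   pam_permit.so      # constructed weak rule
auth       required     /lib/security/pam_unix.so nullok \
                        try_first_pass
account    required     pam_unix.so
session    optional     pam_lastlog.so
"""

def parse_pam(text):
    """Return (type, control, module, args) tuples in file order."""
    entries = []
    # A backslash at end of line continues the rule on the next line.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = RULE.match(line)
        if not m or m.group(1).lstrip("-") not in TYPES:
            continue                           # blank line or not a rule
        mtype, control, module, args = m.groups()
        # A module may be given by absolute path; keep only the file name.
        entries.append((mtype.lstrip("-"), control,
                        module.rsplit("/", 1)[-1], args.split()))
    return entries

def stack(entries, mtype):
    """Ordered module names listed for one type (auth, account, ...)."""
    return [mod for t, _, mod, _ in entries if t == mtype]

def audit(entries):
    """Flag two settings that weaken authentication."""
    findings = []
    for mtype, control, module, args in entries:
        if mtype == "auth" and module == "pam_permit.so":
            findings.append((module, "always succeeds in auth stack"))
        if module == "pam_unix.so" and "nullok" in args:
            findings.append((module, "nullok accepts empty passwords"))
    return findings

if __name__ == "__main__":
    rules = parse_pam(SAMPLE)
    print("auth stack:", stack(rules, "auth"))
    for module, reason in audit(rules):
        print("FINDING:", module, "-", reason)
```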

Advantages of PAM

When used correctly, PAM provides the following advantages for a system
administrator:

- It provides a common authentication scheme that can be used
  with a wide variety of applications.
- It allows great flexibility and control over authentication
  for both the system administrator and application developer.
- It allows application developers to develop their program
  without implementing a particular authentication scheme. Instead,
  they can focus purely on the details of their program.