Chapter 8. Pluggable Authentication Modules (PAM)

Programs that give privileges to users must properly authenticate (verify the identity of) each user. When you log in to a system, you provide your username and password, and the login process uses the username and password to authenticate the login — to verify that you are who you say you are. Forms of authentication other than passwords are possible, and the passwords can be stored in different ways.

Pluggable Authentication Modules (PAM) is a way of allowing the system administrator to set an authentication policy without having to recompile authentication programs. With PAM, you control how particular authentication modules are plugged into a program by editing that program's PAM configuration file in /etc/pam.d.

Most Red Hat Linux users will never need to alter PAM configuration files for any of their programs. When you use RPM to install programs that require authentication, they automatically make the changes necessary to do normal password authentication using PAM. However, if you need to customize your configuration, you must understand the structure of a PAM configuration file. More information can be found in the section called PAM Modules.
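
The following Python sketch is an added illustration, not part of the original guide. It reads a constructed sample in the style of a file under /etc/pam.d, where each rule line has the form "type control module-path arguments", and groups the modules plugged in for each type. The sample contents, the function names, and the check for the pam_unix nullok argument (which permits empty passwords) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of /etc/pam.d/login (not from a real system).
SAMPLE_LOGIN = """\
#%PAM-1.0
auth      required  /lib/security/pam_securetty.so
auth      required  /lib/security/pam_unix.so nullok
auth      required  /lib/security/pam_nologin.so
account   required  /lib/security/pam_unix.so
password  required  /lib/security/pam_cracklib.so
password  required  /lib/security/pam_unix.so shadow nullok use_authtok
session   required  /lib/security/pam_unix.so
"""

TYPES = {"auth", "account", "password", "session"}
# type, control (a keyword or a bracketed [value=action ...] list), module, args
RULE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_pam_config(text):
    """Return {type: [(control, module, [args]), ...]} in file order."""
    stacks = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m or m.group(1).lstrip("-") not in TYPES:
            raise ValueError(f"line {lineno}: not a PAM rule: {raw!r}")
        mtype, control, module, args = m.groups()
        # Simplification: bracketed module arguments with spaces are not handled.
        stacks[mtype.lstrip("-")].append((control, module, args.split()))
    return dict(stacks)


def rules_with_arg(stacks, arg):
    """List (type, module file name) for every rule that passes `arg`."""
    return [(mtype, module.rsplit("/", 1)[-1])
            for mtype, rules in stacks.items()
            for _control, module, args in rules if arg in args]


if __name__ == "__main__":
    stacks = parse_pam_config(SAMPLE_LOGIN)
    for mtype, rules in stacks.items():
        print(mtype, [module.rsplit("/", 1)[-1] for _c, module, _a in rules])
    print("nullok set on:", rules_with_arg(stacks, "nullok"))
```

Run against a copy of a real service file, the same two functions show at a glance which modules a program consults and where empty passwords are tolerated.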

Advantages of PAM

When used correctly, PAM provides many advantages for a system administrator, such as the following: