PAM is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users.

In other words, without (rewriting and) recompiling a PAM-aware application, it is possible to switch between the authentication mechanism(s) it uses. One may entirely upgrade the local authentication system without touching the applications themselves.

This PAM library is configured locally with a system file, /etc/pam.conf (or a series of configuration files located in /etc/pam.d/) to authenticate a user request via the locally available authentication modules.

The modules themselves will usually be located in the directory /lib/security or /lib64/security and take the form of dynamically loadable object files. See dlopen(3)).

PAM deals with four separate types of (management) task:

• authentication management
• account management
• session management
• password management

These are handled in the relevant Linux-PAM configuration file.

The actual management functions are performed by modules specified in the configuration file.

pam_passwdqc