PAM (Pluggable authentication module)
PAM is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users.
In other words, without (rewriting and) recompiling a PAM-aware application, it is possible to switch between the authentication mechanism(s) it uses. One may entirely upgrade the local authentication system without touching the applications themselves.
This PAM library is configured locally with a system file, /etc/pam.conf (or a series of configuration files located in /etc/pam.d/) to authenticate a user request via the locally available authentication modules.
The modules themselves will usually be located in the directory /lib/security or /lib64/security and take the form of dynamically loadable object files. See dlopen(3)).
PAM deals with four separate types of (management) task:
- authentication management
- account management
- session management
- password management
These are handled in the relevant Linux-PAM configuration file.
The actual management functions are performed by modules specified in the configuration file.
If a program is going to use PAM, then it has to have PAM functions explicitly coded into the program.
If a program does not have the PAM functions included, then it is not possible to use PAM.
Check is a program can use PAM