Chapter 14. Pluggable Authentication Modules (PAM)
Programs which allow users access to a system verify the user's identity
through a process called
authentication. Historically, each such program had
its own way of performing the task of authentication. Under Red Hat Linux, many
such programs are configured to use a centralized authentication process
called Pluggable Authentication Modules
PAM uses a pluggable, modular architecture, which affords the system
administrator a great deal of flexibility in setting authentication policies
for the system.
In most situations, the default PAM configuration file for a PAM-aware
application is sufficient. However, sometimes it may become necessary to
edit a PAM configuration file. Because misconfiguration of PAM can
compromise system security, it is important to understand the structure of
these files before making any modifications (refer to Section 14.3 PAM Configuration File Format for more information).
14.1. Advantages of PAM
PAM offers the following advantages:
Provides a common authentication scheme that can be used
with a wide variety of applications.
Allows a large amount of flexibility and control over
authentication for both the system administrator and application
Allows application developers to develop programs without
creating their own authentication scheme.