Chapter 16. Pluggable Authentication Modules (PAM)
Programs which grant users access to a system verify each user's
identity through a process called authentication. Historically, each such program had
its own way of performing the task of authentication. Under Red Hat
Enterprise Linux, many such programs are configured to use a
centralized authentication mechanism called Pluggable Authentication Modules or PAM.
PAM uses a pluggable, modular architecture, which affords the
system administrator a great deal of flexibility in setting
authentication policies for the system.
In most situations, the default PAM configuration file for a
PAM-aware application is sufficient. However, sometimes it may
become necessary to edit a PAM configuration file. Because
misconfiguration of PAM can compromise system security, it is
important to understand the structure of these files before making
any modifications (refer to Section
16.3 PAM Configuration File Format for more
information).
PAM offers the following advantages:
- It provides a common authentication scheme that can be used with
  a wide variety of applications.
- It allows a large amount of flexibility and control over
  authentication for both system administrators and application
  developers.
- It allows application developers to develop programs without
  creating their own authentication scheme.