NAME
pam —
Pluggable Authentication Modules
framework
DESCRIPTION
The Pluggable Authentication Modules (PAM) framework is a system of libraries
that perform authentication tasks for services and applications. Applications
that use the PAM API may have their authentication behavior configured by the
system administrator through the use of the service's PAM configuration file.
PAM modules provide four classes of functionality:
-
-
- account
- Account verification services such as password expiration
and access control.
-
-
- auth
- Authentication services. This usually takes the form of a
challenge-response conversation. However, PAM can also support, with
appropriate hardware support, biometric devices, smart-cards, and so
forth.
-
-
- password
- Password (or, more generally, authentication token) change
and update services.
-
-
- session
- Session management services. These are tasks that are
performed before access to a service is granted and after access to a
service is withdrawn. These may include updating activity logs or setting
up and tearing down credential forwarding agents.
A primary feature of PAM is the notion of “stacking” different
modules together to form a processing chain for the task. This allows fairly
precise control over how a particular authentication task is performed, and
under what conditions. PAM module configurations may also inherit stacks from
other module configurations, providing some degree of centralized
administration.
SEE ALSO
login(1),
passwd(1),
su(1),
pam(3),
pam.conf(5),
pam_chroot(8),
pam_deny(8),
pam_echo(8),
pam_exec(8),
pam_ftpusers(8),
pam_group(8),
pam_guest(8),
pam_krb5(8),
pam_ksu(8),
pam_lastlog(8),
pam_login_access(8),
pam_nologin(8),
pam_permit(8),
pam_radius(8),
pam_rhosts(8),
pam_rootok(8),
pam_securetty(8),
pam_self(8),
pam_skey(8),
pam_ssh(8),
pam_unix(8)
HISTORY
The Pluggable Authentication Module framework was originally developed by
SunSoft, described in DCE/OSF-RFC 86.0, and first deployed in Solaris 2.6. It
was later incorporated into the X/Open Single Sign-On Service (XSSO) Pluggable
Authentication Modules specification.
The Pluggable Authentication Module framework first appeared in
NetBSD 3.0.