ALERT

[WEBINAR] Design the Next-Generation of Applications

Pluggable Authentication Module (PAM)

Definition - What does Pluggable Authentication Module (PAM) mean?

A pluggable authentication module (PAM) is an application programming interface (API) for authentication related services, which permits system administrators to add new authentication methods by installing PAMs and modifying authentication policies by editing the configuration files.

Techopedia explains Pluggable Authentication Module (PAM)

A pluggable authentication module (PAM) is a mechanism that integrates multiple low level authentication schemes into high level APIs permitting programs relying on authentication to be written independent of underlying authentication schemes. PAM was initially proposed in 1995 by Vipin Samar and Charlie Lai of Sun Microsystems. It was later adopted as an authentication framework for the common desktop environment.

Though PAM first appeared as an open source in Linux, PAM is currently supported in AIX OS, Dragon Fly BSD, Free BSD, HP-UX, Linux, Mac OS X, Net BSD and Solaris, among others. It was standardized as part of the X/Open UNIX standardization process resulting in X/Open the single sign-on standard.

PAM can be configured to deny programs the right to authenticate users and to warn certain programs from an authentication attempt. These programs use the PAM module and are attached to applications at run time.

The PAM API offers six authentication primitives grouped in four facilities: authentication, account, session and password. Authentication is a facility that is concerned with authenticating applicants and establishing account credentials besides providing two primitives, the pam_authenticate and pam_setcred. The former primitive authenticates the applicant by requesting an authentication token and comparing it with a value stored in a database or obtained from authentication server. The pam_sercred initiates account credentials such as user ID, group membership and resource limits.

Share this: