Pluggable Authentication Module

What Does Pluggable Authentication Module Mean?

A pluggable authentication module (PAM) is an application programming interface (API) for authentication related services, which permits system administrators to add new authentication methods by installing PAMs and modifying authentication policies by editing the configuration files.

Advertisements

Techopedia Explains Pluggable Authentication Module

A pluggable authentication module (PAM) is a mechanism that integrates multiple low level authentication schemes into high level APIs permitting programs relying on authentication to be written independent of underlying authentication schemes. PAM was initially proposed in 1995 by Vipin Samar and Charlie Lai of Sun Microsystems. It was later adopted as an authentication framework for the common desktop environment.

Though PAM first appeared as an open source in Linux, PAM is currently supported in AIX OS, Dragon Fly BSD, Free BSD, HP-UX, Linux, Mac OS X, Net BSD and Solaris, among others. It was standardized as part of the X/Open UNIX standardization process resulting in X/Open the single sign-on standard.

PAM can be configured to deny programs the right to authenticate users and to warn certain programs from an authentication attempt. These programs use the PAM module and are attached to applications at run time.

The PAM API offers six authentication primitives grouped in four facilities: authentication, account, session and password. Authentication is a facility that is concerned with authenticating applicants and establishing account credentials besides providing two primitives, the pam_authenticate and pam_setcred. The former primitive authenticates the applicant by requesting an authentication token and comparing it with a value stored in a database or obtained from authentication server. The pam_sercred initiates account credentials such as user ID, group membership and resource limits.

Advertisements

Related Terms

Latest API Management Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…