ARCHIVED: In Unix, what is PAM?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Due to its multi-user architecture, distributions of Unix have always involved some method of authenticating individual users. In the past, this was handled in a variety of different ways, and changes to an authentication scheme required changes to each individual application that used it. Additionally, authentication schemes often differed between different Unix systems and porting an application from one system to another often involved similar changes.

In 1995, the Open Software Foundation (now the Open Group) published a Request for Comments (RFC) to address the issue of Pluggable Authentication Modules (PAM). This RFC sparked a great deal of interest and lead to the development of PAM for a variety of platforms.

PAM applies an additional layer of abstraction to Unix authentication. Applications communicate an authentication request to PAM. PAM then performs the actual authentication through a variety of means, and returns a response to the application. With this mechanism, any changes to the authentication scheme on a particular system require that the system administrator apply the changes to PAM instead of directly to each individual application.

PAM has been adapted to work with a variety of Unix distributions including Linux and Mac OS X.

For an overview of PAM mechanics, see FOCUS on Sun and Linux: Pluggable Authentication Modules.

For further information about the PAM distribution available for Linux, visit:

  https://www.kernel.org/pub/linux/libs/pam/

For further information regarding OpenPAM, the distribution used by OS X and Solaris, see the OpenPAM site.

At Indiana University, for personal or departmental Linux or Unix systems support, see Get help for Linux or Unix at IU.