Programs that give privileges to users must properly authenticate each user. When you log into a system, you provide your username and password, and the log in process uses this username and password to verify your identity.
Pluggable Authentication Modules (PAM) allows the system administrator to set authentication policies for PAM-aware applications without having to recompile authentication programs. PAM does this by utilizing a pluggable, modular architecture. Which modules PAM calls for a particular application is determined by looking at that application's PAM configuration file in the /etc/pam.d/ directory.
In most situations, you will never need to alter the default PAM configuration files for a PAM-aware application. Whenever you use RPM to install programs that require authentication, they automatically make the changes necessary to do normal password authentication using PAM. However, if you need to customize the PAM configuration file, you must understand the structure of this file (see the Section called PAM Configuration Files for more information).
When used correctly, PAM provides the following advantages for a system administrator:
It provides a common authentication scheme that can be used with a wide variety of applications.
It allows great flexibility and control over authentication for both the system administrator and application developer.
It allows application developers to develop their program without implementing a particular authentication scheme. Instead, they can focus purely on the details of their program.