Linux PAM

From Wikipedia, the free encyclopedia
Linux PAM
Stable release
1.5.2 / September 3, 2021; 18 months ago (2021-09-03)
Written inC
Operating systemLinux
LicenseGNU General Public License or Modified BSD License

Linux Pluggable Authentication Modules (PAM) is a suite of libraries that allows a Linux system administrator to configure methods to authenticate users. It provides a flexible and centralized way to switch authentication methods for secured applications by using configuration files instead of changing application code.[1] There are Linux PAM libraries allowing authentication using methods such as local passwords, LDAP, or fingerprint readers.[2] Linux PAM is evolved from the Unix Pluggable Authentication Modules architecture.[3]

Linux-PAM separates the tasks of authentication into four independent management groups:[4]

  • account modules check that the specified account is a valid authentication target under current conditions. This may include conditions like account expiration, time of day, and that the user has access to the requested service.
  • authentication modules verify the user's identity, for example by requesting and checking a password or other secret. They may also pass authentication information on to other systems like a keyring.
  • password modules are responsible for updating passwords, and are generally coupled to modules employed in the authentication step. They may also be used to enforce strong passwords.
  • session modules define actions that are performed at the beginning and end of sessions. A session starts after the user has successfully authenticated.

See also[edit]


  1. ^ "Chapter 1. Introduction". A Linux-PAM Page. Retrieved 2021-02-28.{{cite web}}: CS1 maint: url-status (link)
  2. ^ Lauber, Susan (2020-07-22). "An introduction to Pluggable Authentication Modules (PAM) in Linux". Red Hat. Retrieved 2021-02-28.{{cite web}}: CS1 maint: url-status (link)
  3. ^ Fernandes, Savio; Reddy, KLM. "Securing Applications on Linux with PAM | Linux Journal". Linux Journal. Retrieved 2018-09-30.
  4. ^ "pam.d(8): Pluggable Authentication Modules for - Linux man page". Retrieved 2021-02-28.

External links[edit]