Linux uses PAM (pluggable authentication modules) in the authentication process as a layer that mediates between user and application. PAM modules are available on a system-wide basis, so they can be requested by any application. This chapter describes how the modular authentication mechanism works and how it is configured. System administrators and programmers often want to restrict access to certain parts of the system or to limit the use of certain functions of an application. However, this process is time-consuming and error-prone.
How to Configure and Use PAM in Linux
Authentication with PAM | Security and Hardening Guide | SUSE Linux Enterprise Server 15 SP1
In the previous post, we talked about the Linux iptables firewall, and some people asked about authentication. Today, we will talk about the powerful framework in Linux used for authentication, which is Linux-PAM. PAM, or Pluggable Authentication Modules, is the management layer that sits between Linux applications and the Linux native authentication system. Many programs on your system use PAM modules, such as su, passwd, ssh, login, and other services. We will discuss some of them.
PAM provides system administrators with the ability and flexibility to choose any authentication service available on a system to perform end-user authentication. By using PAM, applications can perform authentication regardless of what authentication method is defined by the system administrator for the given client. PAM enables system administrators to deploy the appropriate authentication mechanism for each service throughout the network. System administrators can also select one or multiple authentication technologies without modifying applications or utilities. PAM insulates application developers from evolutionary improvements to authentication technologies, while at the same time allowing deployed applications to use those improvements.
Linux-PAM (short for Pluggable Authentication Modules), which evolved from the Unix-PAM architecture, is a powerful suite of shared libraries used to dynamically authenticate a user to applications or services in a Linux system. It integrates multiple low-level authentication modules into a high-level API that provides dynamic authentication support for applications. This allows developers to write applications that require authentication, independently of the underlying authentication system. PAM will ignore the file if the directory exists. The syntax for the main configuration file is as follows.