Chapter 7. Glossary of PAM related terms
The following are a list of terms used within this document.
- Authentication token
Generally, this is a password. However, a user can authenticate
him/herself in a variety of ways. Updating the user's
authentication token thus corresponds to
refreshing the object they use to
authenticate themself with the system. The word password is
avoided to keep open the possibility that the authentication
involves a retinal scan or other non-textual mode of
challenge/response.
- Credentials
Having successfully authenticated the user, PAM is able to
establish certain characteristics/attributes of the user.
These are termed credentials. Examples
of which are group memberships to perform privileged tasks
with, and tickets in the form of
environment variables etc. . Some user-credentials, such as
the user's UID and GID (plus default group memberships) are
not deemed to be PAM-credentials. It is the responsibility
of the application to grant these directly.