Linux-PAM
(Pluggable Authentication Modules for Linux) is a library that enables
the local system administrator to choose how individual applications
authenticate users. For an overview of the
Linux-PAM library see the
Linux-PAM System Administrators' Guide.
It is the purpose of the Linux-PAM
project to liberate the development of privilege granting software
from the development of secure and appropriate authentication schemes.
This is accomplished by providing a documented library of functions
that an application may use for all forms of user authentication
management. This library dynamically loads locally configured
authentication modules that actually perform the authentication tasks.
From the perspective of an application developer the information
contained in the local configuration of the PAM library should not be
important. Indeed it is intended that an application treat the
functions documented here as a 'black box' that will deal with all
aspects of user authentication. 'All aspects' includes user
verification, account management, session initialization/termination
and also the resetting of passwords
(authentication tokens).