Intro to Linux Pluggable Authentication Modules

[ Thanks to An Anonymous Reader for
this link. ]

“Every time you log into a Linux system, you’re using
the Pluggable Authentication Modules (PAM) behind the scenes. PAM
simplifies Linux authentication, and makes it possible for Linux
systems to easily switch from local file authentication to
directory based authentication in just a few steps. If you haven’t
thought about PAM and the role it plays on the system, let’s take a
look at what it is and what it does.

“Actually, PAM is about more than logging into the system
itself. Applications can use the PAM libraries to share
authentication — so users can use a single username and
password for many applications. The rationale behind PAM is to
separate authentication from granting privileges. It should be up
to the application how to handle granting an authenticated user
privileges, but authentication can be handled separately.

“A simple way of looking at this. Imagine going to an all-ages
show at a local club. At the door, the bouncer checks ID and
tickets. If you’ve got a valid ticket and ID that shows you’re over
21, you get a green wristband. If you’ve got a valid ticket and an
ID that shows you’re under 21, you get a red wristband. Once in the
club, it’s up to the bartender to grant privileges to buy alcohol
(or not), and the club staff to grant seating privileges or direct
you to the floor for general admission.”