"User authentication has always been a problem. Build
it into a program, and it's hard to change. Leave it out, and you
have no security at all. Now there's an alternative: PAM, or
Pluggable Authentication Modules.
PAM provides an interface that programs can use to connect to
whatever authentication methods are desired. Authentication can be
as trivial as the user typing "hello world", as complex as
biometrics, or as prosaic as passwords.
PAM isn't the only way to do this. GSS-API, defined in RFCs 1508
and 1509, is a similar authentication interface protocol. Kerberos,
SSh, and Heimdal are different, and focus on securing the
authentication process itself rather than linking applications to
authentication modules."