Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.

PAM(8)                      System Manager's Manual                     PAM(8)

NAME
     pam - Pluggable Authentication Modules framework

DESCRIPTION
     The Pluggable Authentication Modules (PAM) framework is a system of
     libraries that perform authentication tasks for services and
     applications.  Applications that use the PAM API may have their
     authentication behavior configured by the system administrator through
     the use of the service's PAM configuration file.

     PAM modules provide four classes of functionality:

     account   Account verification services such as password expiration and
               access control.

     auth      Authentication services.  This usually takes the form of a
               challenge-response conversation.  However, PAM can also
               support, with appropriate hardware support, biometric devices,
               smart-cards, and so forth.

     password  Password (or, more generally, authentication token) change and
               update services.

     session   Session management services.  These are tasks that are
               performed before access to a service is granted and after
               access to a service is withdrawn.  These may include updating
               activity logs or setting up and tearing down credential
               forwarding agents.

     A primary feature of PAM is the notion of "stacking" different modules
     together to form a processing chain for the task.  This allows fairly
     precise control over how a particular authentication task is performed,
     and under what conditions.  PAM module configurations may also inherit
     stacks from other module configurations, providing some degree of
     centralized administration.

SEE ALSO
     login(1), passwd(1), su(1), pam(3), pam.conf(5), pam_chroot(8),
     pam_deny(8), pam_echo(8), pam_exec(8), pam_ftpusers(8), pam_group(8),
     pam_guest(8), pam_krb5(8), pam_ksu(8), pam_lastlog(8),
     pam_login_access(8), pam_nologin(8), pam_permit(8), pam_radius(8),
     pam_rhosts(8), pam_rootok(8), pam_securetty(8), pam_self(8), pam_skey(8),
     pam_ssh(8), pam_unix(8)

HISTORY
     The Pluggable Authentication Module framework was originally developed by
     SunSoft, described in DCE/OSF-RFC 86.0, and first deployed in Solaris
     2.6.  It was later incorporated into the X/Open Single Sign-On Service
     (XSSO) Pluggable Authentication Modules specification.

     The Pluggable Authentication Module framework first appeared in
     NetBSD 3.0.

NetBSD 10.99                   February 28, 2005                  NetBSD 10.99