In Unix, what is PAM?

Due to its multi-user architecture, distributions of Unix have always involved some method of authenticating individual users. In the past, this was handled in a variety of different ways, and changes to an authentication scheme required changes to each individual application that used it. Additionally, authentication schemes often differed between different Unix systems and porting an application from one system to another often involved similar changes.

In 1995, the Open Software Foundation (now the Open Group) published a Request for Comments (RFC) to address the issue of Pluggable Authentication Modules (PAM). This RFC sparked a great deal of interest and lead to the development of PAM for a variety of platforms.

PAM applies an additional layer of abstraction to Unix authentication. Applications communicate an authentication request to PAM. PAM then performs the actual authentication through a variety of means, and returns a response to the application. With this mechanism, any changes to the authentication scheme on a particular system require that the system administrator apply the changes to PAM instead of directly to each individual application.

PAM has been adapted to work with a variety of Unix distributions including Solaris and Linux.

For further information regarding PAM for Solaris, visit:

For further information about the PAM distribution available for Linux, visit:

At Indiana University, for personal or departmental Linux or Unix systems support, see At IU, how do I get support for Linux or Unix?

Comments/Questions/Corrections