Skip to main content


A Pluggable Authentication Module (PAM) is the AAA (Authentication, Authorization and Accounting) framework used in most Linux/Unix distributions. Ubuntu, RHEL, Mac OS X, FreeBSD, and NetBSD use PAM for authentication. Most distributions that do not come with PAM can be made to work with PAM.

Abstractly, PAM provides this basic API:

    string username
    string password
    bool success

Anything that prompts the user for a password (sshd, web server back-ends, the Linux login console) can ask PAM for results. PAM only provides top-level access to a system (whether you can log in at all), not fine-grained access control (which files you can access).