2.4. Pluggable Authentication Modules (PAM)
Historically, each program had its own way of authenticating users. In Fedora, many programs are configured to use a centralized authentication mechanism called
Pluggable Authentication Modules (
PAM).
PAM uses a pluggable, modular architecture, which affords the system administrator a great deal of flexibility in setting authentication policies for the system.
In most situations, the default PAM configuration file for a PAM-aware application is sufficient. Sometimes, however, it is necessary to edit a PAM configuration file. Because misconfiguration of PAM can compromise system security, it is important to understand the structure of these files before making any modifications. Refer to
Section 2.4.3, “PAM Configuration File Format” for more information.