A PAM service module is a shared library that provides authentication and other security services to system entry applications such as login, rlogin, and telnet. The four types of PAM services are:
Authentication service modules – For granting users access to an account or service. Modules that provide this service authenticate users and set up user credentials.
Account management modules – For determining whether the current user's account is valid. Modules that provide this service can check password or account expiration and time-restricted access.
Session management modules – For setting up and terminating login sessions.
Password management modules – For enforcing password strength rules and performing authentication token updates.
A PAM module can implement one or more of these services. The use of simple modules with well-defined tasks increases configuration flexibility. PAM services should thus be implemented in separate modules. The services can then be used as needed as defined in the pam.conf(4) file.
For example, the Solaris OS provides the pam_authtok_check(5) module for system administrators to configure the site's password policy. The pam_authtok_check(5) module checks proposed passwords for various strength criteria.
For a complete list of Solaris PAM modules, see man pages section 5: Standards, Environments, and Macros. The PAM modules have the prefix pam_.