The PAM framework allows a system administrator to choose any combination of system entry services (ftp, login, telnet, or rsh, for example) for user authentication. Some of the benefits PAM provides are:
Flexible configuration policy
Per application authentication policy
The ability to choose a default authentication mechanism
Multiple passwords on high-security systems
Ease of use for the end user
No retyping of passwords if they are the same for different mechanisms
The ability to use a single password for multiple authentication methods with the password mapping feature, even if the passwords associated with each authentication method are different
The ability to prompt the user for passwords for multiple authentication methods without having the user enter multiple commands
The ability to pass optional parameters to the user authentication services