The login application initiates a PAM session by calling pam_start(3PAM) and by specifying the login service.
The PAM library searches for login entries in the PAM configuration corresponding to the service module type of authentication (auth).
For each module in pam.conf that is configured for the login service, the PAM library calls pam_sm_authenticate(3PAM). The pam_sm_authenticate() function is part of the PAM SPI. The pam.conf control flag and results of each call determine whether the user is allowed access to the system. This process is described in more detail in Configuring PAM in Managing Kerberos and Other Authentication Services in Oracle Solaris 11.2 .
In this way, the PAM library connects PAM applications with the PAM modules that have been configured by the system administrator.