Developer's Guide to Oracle® Solaris 11 Security

Exit Print View

Updated: July 2014

Introduction to the PAM Framework

    The PAM framework consists of four parts:

  • PAM consumers

  • PAM library

  • The pam.conf(4) configuration file

  • PAM service modules, also referred to as providers

The framework provides a uniform way for authentication-related activities to take place. This approach enables application developers to use PAM services without having to know the semantics of the policy. Algorithms are centrally supplied. The algorithms can be modified independently of the individual applications. With PAM, administrators can tailor the authentication process to the needs of a particular system without having to change any applications. Adjustments are made through pam.conf, the PAM configuration file or the /etc/pam.d files, which is available from Oracle Solaris 11.1 release onwards.

The following figure illustrates the PAM architecture. Applications communicate with the PAM library through the PAM application programming interface (API). PAM modules communicate with the PAM library through the PAM service provider interface (SPI). Thus, the PAM library enables applications and modules to communicate with each other.

Figure 3-1  PAM Architecture

image:Figure shows how the PAM library is accessed by applications and PAM service modules.