<Tr> <Td> </Td> <Td> This article needs additional citations for verification . Please help improve this article by adding citations to reliable sources . Unsourced material may be challenged and removed . (May 2011) (Learn how and when to remove this template message) </Td> </Tr> <P> A pluggable authentication module (PAM) is a mechanism to integrate multiple low - level authentication schemes into a high - level application programming interface (API). It allows programs that rely on authentication to be written independently of the underlying authentication scheme . PAM was first proposed by Sun Microsystems in an Open Software Foundation Request for Comments (RFC) 86.0 dated October 1995 . It was adopted as the authentication framework of the Common Desktop Environment . As a stand - alone open - source infrastructure, PAM first appeared in Red Hat Linux 3.0. 4 in August 1996 in the Linux PAM project . PAM is currently supported in the AIX operating system, DragonFly BSD, FreeBSD, HP - UX, Linux, Mac OS X, NetBSD and Solaris . </P> <P> Since no central standard of PAM behavior exists, there was a later attempt to standardize PAM as part of the X / Open UNIX standardization process, resulting in the X / Open Single Sign - on (XSSO) standard . This standard was not ratified, but the standard draft has served as a reference point for later PAM implementations (for example, OpenPAM). </P> <P> Since most PAM implementations do not interface with remote clients themselves, PAM on its own cannot implement Kerberos, the most common type of SSO used in Unix environments . This led to SSO's incorporation as the "primary authentication" portion of the would - be XSSO standard and the advent of technologies such as SPNEGO and SASL . This lack of functionality is also the reason SSH does its own authentication mechanism negotiation . </P>

How the unique authentication module of linux provides security