PAM Module Types

• Authentication
  • Establishes the users is who they say they are by asking for password (or some other kind of authencation token)
  • Can grant other privileges (such as group membership) via credential granting
• Account
  • Performs non-authentication based account management
  • Restrict access based on time of day, see if accounts have expired, check user and process limits etc
• Session
  • Deals with things that have to be done before and after giving a user access
  • Displaying motd, mounting directories, showing if a user has mail, last login, updating login histories etc
• Password
  • Updating users authentication details - ie, changing passwords