PAM stands for Pluggable Authentication Modules. Basically it's a centralized way of managing authentication processes and credentials -- sort of a "glue layer" for software on the system. With the right modules, PAM can talk to various backend authentication mechanisms such as LDAP. You can also use it to limit functionality to certain users/group (e.g. only allow people in the wheel group to use su).
In short, PAM is an extremely flexible system, although since it is software it has nothing to do with physical machine security. I'd suggest you use Google to find some of the different ways PAM can be used.
|