Overview #The PAM Service Types is the management group that the rule corresponds to. The PAM Service Types is used to specify which of the management groups the subsequent module is to be associated with. Valid entries are described below.
account #The account module type performs non-authentication based account management.
The account module is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login only on the console.
Used for determining whether the current user's account is valid. Modules that provide this service can check password or account expiration and time-restricted access.
auth #The auth module type provides two aspects of authenticating the user. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification. Secondly, the module can grant group membership or other privileges through its credential granting properties.
Used for granting users access to an account or service. Modules that provide this service authenticate users and set up user credentials.
password #The password module type is required for updating the authentication token associated with the user. Typically, there is one module for each 'challenge/response' based authentication (auth) type.
Used for For enforcing password strength rules and performing authentication token updates.