JAAS implements a Java version of the Pluggable Authentication Modules (PAM) framework. Sun Microsystems created PAM for its Solaris operating system; with JAAS, PAM is now available in a platform-independent form.
The main purpose of PAM is to allow application developers to write to a standard authentication interface at development time, leaving the decision of which authentication technologies will be used (and how they will be used) up to the system administrator. Authentication technologies are implemented in login modules that can be deployed after an application has been written, and are specified in a text file called a login configuration file (named login.config in this tutorial). The login.config file can specify not only which modules to call, but the conditions for overall authentication success.
PAM allows new authentication techniques or technologies to be more easily added to existing applications. Likewise, an authentication policy can be changed by updating the login.config file, rather than rewriting the entire application.
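How the control flags in login.config decide overall authentication success, as an added example (not code from this tutorial): `ToyLoginModule`, the entry names `AllRequired` and `SufficientFirst`, and the `succeed` option are hypothetical, and the code assumes Java 8 or later. The first entry fails because one `required` module fails; the second succeeds because a passing `sufficient` module ends the stack before the failing `required` module runs, so flag choice and ordering need review whenever the file is edited.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical stand-in for a real authentication technology: login() passes
// or fails according to the "succeed" option set in login.config.
public class ToyLoginModule implements LoginModule {
    // Constructed sample configuration (assumption, not from the tutorial).
    static final String CONFIG = String.join("\n",
        "AllRequired {",
        "  ToyLoginModule required   succeed=\"true\";",
        "  ToyLoginModule required   succeed=\"false\";",
        "};",
        "SufficientFirst {",
        "  ToyLoginModule sufficient succeed=\"true\";",
        "  ToyLoginModule required   succeed=\"false\";",
        "};");

    private boolean succeed, loggedIn;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        succeed = "true".equals(options.get("succeed"));
    }
    public boolean login() throws LoginException {
        if (!succeed) throw new FailedLoginException("configured to fail");
        return loggedIn = true;
    }
    public boolean commit() { return loggedIn; }  // false = ignore this module
    public boolean abort()  { loggedIn = false; return true; }
    public boolean logout() { loggedIn = false; return true; }

    // True when the named login.config entry authenticates overall.
    static boolean authenticates(String entry) {
        try { new LoginContext(entry).login(); return true; }
        catch (LoginException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // Write the sample file and point JAAS at it before first use.
        Path file = Files.createTempFile("login", ".config");
        Files.write(file, CONFIG.getBytes(StandardCharsets.UTF_8));
        System.setProperty("java.security.auth.login.config", file.toUri().toString());
        System.out.println("AllRequired:     " + authenticates("AllRequired"));
        System.out.println("SufficientFirst: " + authenticates("SufficientFirst"));
    }
}
```

Compile with `javac ToyLoginModule.java` and run `java ToyLoginModule`; it prints whether each entry authenticated.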
JDK 1.4 comes with the following PAM modules. We'll use one of them and also practice writing two of our own later in the tutorial:
- com.sun.security.auth.module.NTLoginModule
- com.sun.security.auth.module.NTSystem
- com.sun.security.auth.module.JndiLoginModule
- com.sun.security.auth.module.KeyStoreLoginModule
- com.sun.security.auth.module.Krb5LoginModule
- com.sun.security.auth.module.SolarisSystem
- com.sun.security.auth.module.UnixLoginModule
- com.sun.security.auth.module.UnixSystem