
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By: Kenneth Geisshirt

Overview of this book

PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.

The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX.

PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.
Table of Contents (13 chapters)

Need for PAM


PAM and PAM-aware applications reduce the complexity of authentication. With PAM, the system administrator can use the same user database for every login process on the system, if he or she wishes to do so. Moreover, it is possible to use more than one underlying authentication mechanism (or back end), controlled by PAM and transparent to the users. The good news for the system administrator is that knowledge of one UNIX operating system (one particular PAM implementation) can easily be carried over to another UNIX operating system. Learning PAM will make you a better UNIX system administrator.

PAM has a well-defined API, and PAM-aware applications will not break if the system administrator changes the underlying authentication configuration.

Furthermore, the password file does not scale. It might work with 100 users, but working with 5000 users is a completely different story. PAM can easily scale to tens of thousands of users, depending on the chosen back end; changing the back-end user database, for example from a flat file to an LDAP server, will be painful if you are not using PAM.
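To make the back-end change concrete, here is an added illustration (not taken from the book): two versions of the PAM service file for a hypothetical application called `myapp`, first using the local password files and then an LDAP directory. The service name, the file path and the presence of `pam_ldap.so` on the system are assumptions; module options differ between distributions.

```conf
# /etc/pam.d/myapp  (hypothetical service; the application only ever
# refers to the service name "myapp", never to a specific back end)

# ---- Version 1: accounts in the flat files /etc/passwd and /etc/shadow ----
auth     required    pam_unix.so
account  required    pam_unix.so

# ---- Version 2 (replaces version 1): accounts in LDAP, local fallback ----
# "sufficient": if LDAP accepts the user, the stack succeeds at once;
# if LDAP rejects or does not know the user, evaluation continues below.
auth     sufficient  pam_ldap.so
# Local accounts (for example root) still work when the directory is down.
# try_first_pass reuses the password already entered for pam_ldap.so
# and only prompts again if that password does not match locally.
auth     required    pam_unix.so try_first_pass

# The account stack decides whether an authenticated user may log in
# right now (expiry, lockout), and follows the same order of back ends.
account  sufficient  pam_ldap.so
account  required    pam_unix.so
```

The application binary is identical in both cases; only the file under the administrator's control changes. Keep an already authenticated root session open while testing such an edit, since a mistake in the stack can lock out every login that uses it.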

Application programmers can take advantage of PAM if an application requires some kind of authentication. Using PAM for authentication requires much less programming than developing a complete set of authentication functions, and the application programmer can rely on the system administrator to choose an appropriate back end to store user names and passwords.