Pluggable Authentication Modules
NSS helps programs retrieve various information, including usernames, group membership information, and password hashes. However, the logic for authentication still has to exist somewhere. For example, to conduct password-based authentication, there must be code that calculates a hash sum from a plain text password that the user enters and checks it against the hash stored in an authentication database.
However, there is more to authentication policies than just having passwords and checking that they are correct. Administrators may want to enforce password-strength rules or use multi-factor authentication to increase security, for example. Authentication using remote databases also presents challenges, such as credential caching to ensure that users are not locked out of their machines when the remote database becomes temporarily unavailable.
To allow developers and administrators to create and set up tools for flexible authentication policies...