
UNIX PAM-LDAP Architecture

Creating a software abstraction layer between the services a system provides and the mechanisms that actually perform the underlying work has long been recognized as a valuable method of building portable software.
UNIX systems are no exception to this approach.

In their 1996 paper “Making Login Services Independent of Authentication Technologies”, Vipin Samar and Charlie Lai introduced the concept of a pluggable authentication architecture that isolates developers from the specific authentication mechanisms used by the UNIX operating system.
They recognized that coding specific authentication mechanisms into utilities such as telnet, ftp, ssh and cron forces developers to rewrite or update each of them every time the required authentication mechanism changes.


A pluggable authentication architecture turns authentication into a system service, realized by modules, that provides the necessary results; the utilities that rely on system authentication and name services then need not code any specific mechanism themselves.
Based on this approach, the Open Software Foundation created RFC 86.0, which outlines the PAM API for unified login.
Likewise, Luke Howard created RFC 2307, which outlines the LDAP service extensions necessary to support UNIX authentication and name services.

Name services support lookups for users, groups, IP services (mapping names to IP ports and protocols, and vice versa), IP protocols (mapping names to IP protocol numbers, and vice versa), RPCs (mapping names to ONC Remote Procedure Call numbers, and vice versa), NIS netgroups, boot information (boot parameters and MAC address mappings), filesystem mounts, and IP hosts and networks.
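As an added example, not code from the page or from any PAM/LDAP project, the Python sketch below shows the user (passwd) half of the RFC 2307 name-service mapping just described: it reads posixAccount entries from a constructed LDIF snippet and emits passwd(5) records, rejecting any entry whose attributes are missing, non-numeric where a number is required, or contain characters that would split or inject a record. The attribute names are those RFC 2307 defines; the minimal LDIF parser and the /bin/sh default shell are assumptions made here.

```python
# Added example (not from the page): map RFC 2307 posixAccount entries to the passwd(5)
# records a name service returns. Attribute names follow RFC 2307; the LDIF is constructed.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice
loginShell: /bin/sh
gecos: Alice Example
"""

def parse_ldif(text):
    """LDIF -> list of {attribute: [values]}; minimal: no '::' base64 values, no line folding."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if line.strip():
            name, _, value = line.partition(":")
            cur.setdefault(name.strip(), []).append(value.strip())
        elif cur:                        # a blank line terminates an entry
            entries.append(cur)
            cur = {}
    return entries

def _field(entry, attr, default=None, numeric=False):
    """Fetch one attribute, refusing values that would split or inject a passwd record."""
    val = entry.get(attr, [default])[0]
    if val is None or (numeric and not val.isdigit()) or ":" in val or "\n" in val:
        raise ValueError(f"bad or missing {attr}: {val!r}")
    return val

def to_passwd(e):
    """posixAccount -> name:x:uid:gid:gecos:home:shell (the /bin/sh default is an assumption)."""
    return ":".join((
        _field(e, "uid"), "x", _field(e, "uidNumber", numeric=True),
        _field(e, "gidNumber", numeric=True), _field(e, "gecos", default=""),
        _field(e, "homeDirectory"), _field(e, "loginShell", default="/bin/sh")))

def passwd_map(text):
    """Return (accepted passwd lines, [(dn, reason)] for rejected posixAccount entries)."""
    ok, rejected = [], []
    for e in parse_ldif(text):
        if "posixAccount" not in e.get("objectClass", []):
            continue
        try:
            ok.append(to_passwd(e))
        except ValueError as err:
            rejected.append((e.get("dn", ["?"])[0], str(err)))
    return ok, rejected
```

A real nss_ldap-style resolver would additionally honour the directory's access controls and TLS settings; this sketch only shows the schema-to-record mapping and the input validation a resolver should perform on directory data it does not control.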