This extension provides PAM (Pluggable Authentication Modules) integration. The library provides a stable API for applications to defer to for authentication tasks.


Users whould be aware that on systems using shadow passwords, authentication of users other than the current user will fail unless either a) the authenticating Ruby code is executed as root or, b) /sbin/unix_chkpwd is suid root (or sgid shadow).

On some distros, this is the case by default; otherwise, it may be necessary to run:

sudo chmod 2755 /sbin/unix_chkpwd

assuming /etc/shadow is set 0640 and owned by root:shadow, and /sbin/unix_chkpwd is owned by root:shadow.


In a nutshell (using the 'rpam' PAM service):

require 'rpam'

if Rpam.auth("user","password") == true

puts “Authenticate Successful”

  puts "Authenticate Failure"

Or, to use a different PAM service:

if Rpam.auth("user", "password", :service => 'my_foo') == true

This also supports compatibility with the original 'rpam':

include Rpam
if authpam("user","password") == true


On Red Hat/Fedora based systems:

  • yum install pam-devel

  • yum install ruby-devel

On Debian/Ubuntu based systems:

  • apt-get install libpam0g-dev

  • apt-get install ruby1.9-dev

Note: If you're using rvm, the ruby development headers will be installed in the correct rvm path by default, so don't worry about the Ruby development libraries.


  • gem install rpam-ruby19 (might need sudo privileges)

Or, you can do it the hard way (without Rubygems):

  • tar xzf rpam-*.tar.gz

  • cd rpam-*/ext

  • ruby extconf.rb

  • make

  • make install (might need sudo privileges)


