The Self authentication component (
pam_sm_authenticate()), returns success if and only if the target user's user ID is identical with the current real user ID. If the current real user ID is zero, authentication will fail, unless the
allow_root option was specified.
The following options may be passed to the authentication module:
debug
syslog(3) debugging information at
LOG_DEBUG level.
no_warn
suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.
allow_root
do not automatically fail if the current real user ID is 0.