
Sorry to be blunt, but isn't it best to avoid PAM these days?


PAM is an authn core in any modern mainstream Linux distro. If you build and/or tweak Linux boxes, PAM was almost always there right with you. The only question is: do you know what exactly PAM does?


I remember when I was in school (about 15 years ago) Slackware was one of the few distros that didn't have PAM, and they made a big point of it. So I did a quick Google just now and found that this year (2020) even Slackware got PAM [1]. Had a good chuckle over that.

[1] https://alien.slackbook.org/blog/slackware-introduces-pam-in...


Doesn't pretty much every mainstream Linux distro use it?


What is an alternative? PAM seems pretty ubiquitous.


FWIW, OpenBSD doesn't use PAM; it has been using BSD_Auth [1] since forever.

The other BSDs and macOS use OpenPAM [2] instead of Linux PAM. Both are written in C.

[1] https://en.wikipedia.org/wiki/BSD_Authentication

[2] https://en.wikipedia.org/wiki/OpenPAM


built-in auth in whatever program.

It's saying something that rolling your own is even a debatable alternative to PAM (because if there's a flaw in your program, "only" that program is vulnerable, not the whole system. "Only" in quotes because it's just one privilege escalation step away.)


What is "built-in auth" for a console login or SSH?

Before you come up with an answer involving /etc/shadow and crypt(), consider that not all systems use local password files... and that you've just reinvented what PAM does, except less flexible and more prone to implementation errors.
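As an added illustration of the point above (not code from the thread): besides calling crypt() on the hash, a "built-in auth" path against /etc/shadow has to reimplement the account-state checks that pam_unix's account management already does. The shadow entries and the day count below are constructed.

```python
# Added example: the shadow(5) account-state checks a hand-rolled
# /etc/shadow login would have to get right in addition to crypt().
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample entries; the hash fields are placeholders, not real hashes.
SAMPLE_SHADOW = """\
alice:$6$saltsalt$hashhashhash:18900:0:99999:7:::
bob:!$6$saltsalt$hashhashhash:18900:0:99999:7:::
carol:$6$saltsalt$hashhashhash:18000:0:90:7:30::
dave:$6$saltsalt$hashhashhash:18900:0:99999:7::18500:
"""

@dataclass
class ShadowEntry:
    name: str
    hash: str
    last_change: Optional[int]    # days since the epoch; None if the field is empty
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire_day: Optional[int]

def parse_shadow_line(line: str) -> ShadowEntry:
    """Parse name:hash:lastchg:min:max:warn:inactive:expire:reserved."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    num = lambda s: int(s) if s else None
    return ShadowEntry(fields[0], fields[1], *(num(f) for f in fields[2:8]))

def account_state(e: ShadowEntry, today: int) -> str:
    """Return 'ok' or the reason the login must be refused (shadow(5) semantics)."""
    if e.hash.startswith(("!", "*")):          # locked or disabled account
        return "locked"
    if e.expire_day is not None and today >= e.expire_day:
        return "expired"                        # whole account has expired
    if e.last_change == 0:
        return "password change required"       # forced change on next login
    if e.max_days is not None and e.last_change is not None:
        pw_expired_on = e.last_change + e.max_days
        if today > pw_expired_on:
            if e.inactive_days is not None and today > pw_expired_on + e.inactive_days:
                return "inactive"               # grace period exhausted
            return "password expired"
    return "ok"

def check_all(shadow_text: str, today: int) -> Dict[str, str]:
    """Map each user in a shadow file to its account state for a given day."""
    return {e.name: account_state(e, today)
            for e in (parse_shadow_line(l) for l in shadow_text.splitlines() if l)}

if __name__ == "__main__":
    print(check_all(SAMPLE_SHADOW, today=18950))
```

Even with all of this, the password hash itself is still unchecked, and the local file is only one of the sources nsswitch may be configured to consult.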


SSH certainly has built-in auth - I think UsePAM = no is still the default?

SSH certificates certainly "reinvent" auth - but not really in a bad way. Kerberos should also be quite possible without PAM.

But either way, you need some trusted code with privileges to grant privileges (e.g. a setuid binary).


And you need to reinvent what glibc does with nsswitch.


Do you mean via mod_pam-style PAM module creation? Help me understand what you mean.



