Description
X.509 certificates can be used for user login through PAM. Administrators install this module when certificate-backed authentication should replace or supplement passwords.
Certificate login depends on trust stores, revocation, and token custody. Keep fallback access and test certificate lifecycle handling.