The following are a list of terms used within this document.
Authentication token
Generally, this is a password. However, a user can authenticate
him/herself in a variety of ways. Updating the user's authentication
token thus corresponds to refreshing the object they use to
authenticate themself with the system. The word password is avoided
to keep open the possibility that the authentication involves a
retinal scan or other non-textual mode of challenge/response.
Credentials
Having successfully authenticated the user, PAM is able to establish
certain characteristics/attributes of the user. These are termed
credentials. Examples of which are group memberships to
perform privileged tasks with, and tickets in the form of
environment variables etc. . Some user-credentials, such as the
user's UID and GID (plus default group memberships) are not deemed to
be PAM-credentials. It is the responsibility of the application to
grant these directly.