I am using this module to authenticate using pam: http://code.google.com/p/web2py/source/browse/gluon/contrib/pam.py
I can call authenticate('username','password') and it returns True/ False. It works for any 'username' but 'root'. My guess is that there is a security restriction in PAM that does not allow to check for the root password.
I need to be able to check the root password. Is there anything I can change in the pam.conf or somewhere else to remove this restriction?
I found the answer to your question, the problem is in the default service.
when you call the function authenticate('username','password') make sure you pass an appropriate service too. like authenticate('username','password', 'passwd') or you can add your custom configuration under /etc/pam.d/
here is an example from the webmin project
#%PAM-1.0
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
write the previous lines on a file under /etc/pam.d/ and call it 'myconfig' for example, then pass it's name to the function, and it'll work (it did for me) :D