A system and method for authenticating users over a network. At least one pluggable authentication module (PAM) is used to authenticate users of network services. Each PAM includes a client-side authentication library and a server-side authentication library which may each be implemented in accordance with a specification expressed in an interface definition language (IDL), wherein the IDL is operable to define interfaces across a plurality of platforms and programming languages. The client-side authentication library is implemented for a particular client platform and deployed on the client computer system to provide a client-side interface to retrieve and encrypt a user profile. The server-side authentication library is implemented for a particular server platform and deployed on the server computer system to provide a server-side interface to receive the encrypted user profile from the client-side authentication library and decrypt the user profile to authenticate the user for network services. The client-side authentication library may be shared by a plurality of management applications and the server-side authentication library may be shared by a plurality of gateway components.