The PAM Idea is very simple:
Any application require authentication or want to authenticate users can link against PAM.
But suppose that we have 2 methods for authentication: password files and ldap for example, In this case if we are not using PAM, and we are writing an application to authenticate the users, we'll have to implement both authentication methods, and if we want to add a 3rd method later, then we'll have to implement it again.
This maybe simple for 1 or 2 apps. but now we have login, ftpd, sshd, telnetd, samba, ........ All of them need authentication.