Is the PAM stack always run as root?
I'm writing a module for Linux PAM, which uses setuid() to drop privileges to the user being authenticated. Of course, this will only work if the EUID is root. So, is the PAM stack always run as root, regardless of the application using it?

Pirbhai asked 10/6, 2014 at 21:59

Not always, no. Most applications using PAM are marked setuid, or have setuid helpers -- as many standard plugins do require root -- but one can use the library without root privileges or an escalation method if no plugins being invoked need privileges.

Some examples:

  • Standard authentication with /etc/shadow does require root, and PAM modules reading /etc/shadow will fail if those permissions are not available, unless your platform's PAM modules for reading /etc/shadow bundle a suitable setuid helper for this and invoke it directly from the PAM module.
  • Authentication with LDAP typically does not require root, and the LDAP PAM modules can be used with no root privileges.

It's entirely fair -- and in line with how other modules are written -- for a PAM module to fail if it needs root privileges and those privileges are not available. Software which intends to be compatible with the widest available array of PAM modules will have a privilege escalation path available, even though the PAM library itself does not provide such a mechanism.

Suzettesuzi answered 10/6, 2014 at 23:00
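Two practical consequences of the answer above, shown as an added example that is not part of either post. First, a module that needs root should check for it and fail cleanly rather than assume it (the unprivileged-LDAP case means the stack really may run as an ordinary user). Second, and this is the part the question glosses over: a PAM module is loaded with dlopen() into the calling application's own process, so a bare setuid(uid) from root is irreversible and would strip root from sshd, login or whatever is driving the stack, breaking every module that runs after it. The usual way to "run something as the user being authenticated" is therefore to fork and drop privileges in the child, leaving the parent's identity alone. The code below does that: it drops supplementary groups, then GID, then UID (the only order that cannot lock you out), verifies the drop took and cannot be undone, and reports failure with its own exit codes. The names `run_as_user`, `can_switch_to`, `drop_privileges`, `identity_probe` and the `PRIV_DROP_*` codes are this example's, not part of the PAM API; a real module would translate the codes to PAM return values such as PAM_SYSTEM_ERR and log through pam_syslog().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit codes the child uses to report a failed privilege drop. These are
 * this example's own (assumption); a real module would map them to
 * PAM_SYSTEM_ERR / PAM_AUTHINFO_UNAVAIL before returning to libpam. */
enum { PRIV_DROP_OK = 0, PRIV_DROP_NOT_PERMITTED = 101, PRIV_DROP_NOT_EFFECTIVE = 102 };

/* Can this process switch to `uid` at all?  With effective UID 0 the answer
 * is yes.  Without it, setuid() only accepts our own real or effective UID,
 * which is the only identity an unprivileged PAM stack can serve. */
int can_switch_to(uid_t uid)
{
    if (geteuid() == 0)
        return 1;
    return uid == getuid() || uid == geteuid();
}

/* Permanently drop the *calling* process to uid/gid.  Order matters:
 * supplementary groups first (needs CAP_SETGID, so only attempted when we
 * are root), then the GID, then the UID; once the UID is gone the group
 * calls would fail. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    int was_root = (geteuid() == 0);

    if (was_root && setgroups(0, NULL) != 0)
        return PRIV_DROP_NOT_PERMITTED;
    if (setgid(gid) != 0)
        return PRIV_DROP_NOT_PERMITTED;
    if (setuid(uid) != 0)
        return PRIV_DROP_NOT_PERMITTED;

    /* Verify the drop stuck: the new identity must be in place and, if we
     * gave up root, regaining it must now fail. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return PRIV_DROP_NOT_EFFECTIVE;
    if (was_root && uid != 0 && setuid(0) == 0)
        return PRIV_DROP_NOT_EFFECTIVE;
    return PRIV_DROP_OK;
}

/* Run work(arg) as uid/gid in a forked child so the host process (and the
 * rest of the PAM stack) keeps its identity.  Returns work's result
 * (0..100), a PRIV_DROP_* code, or -1 if fork()/waitpid() failed or the
 * child died from a signal. */
int run_as_user(uid_t uid, gid_t gid, int (*work)(void *), void *arg)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int rc = drop_privileges(uid, gid);
        if (rc != PRIV_DROP_OK)
            _exit(rc);
        _exit(work(arg) & 0xff);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Sample work function: succeed only if the child really has the expected
 * real and effective UID. */
static int check_identity(void *arg)
{
    uid_t expected = *(uid_t *)arg;
    return (getuid() == expected && geteuid() == expected) ? 0 : 1;
}

/* Convenience wrapper: try to run check_identity as `uid` with our own GID. */
int identity_probe(uid_t uid)
{
    return run_as_user(uid, getgid(), check_identity, &uid);
}

int main(void)
{
    uid_t me = getuid();
    printf("as uid %u: rc=%d (parent still euid %u)\n",
           (unsigned)me, identity_probe(me), (unsigned)geteuid());
    uid_t other = me + 1;
    printf("can switch to uid %u: %s; rc=%d\n", (unsigned)other,
           can_switch_to(other) ? "yes" : "no", identity_probe(other));
    return 0;
}
```

Run it once as an ordinary user and once under sudo: unprivileged, the second probe reports PRIV_DROP_NOT_PERMITTED (101) because setuid() to a foreign UID fails with EPERM, which is exactly the failure a module should surface instead of continuing half-privileged; as root both probes succeed and the parent's effective UID is still 0 afterwards, which is the property a module loaded into sshd or login has to preserve.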