I am using this module to authenticate using pam: http://code.google.com/p/web2py/source/browse/gluon/contrib/pam.py

I can call authenticate('username','password') and it returns True/ False. It works for any 'username' but 'root'. My guess is that there is a security restriction in PAM that does not allow to check for the root password.

I need to be able to check the root password. Is there anything I can change in the pam.conf or somewhere else to remove this restriction?

I found the answer to your question, the problem is in the default service.

when you call the function authenticate('username','password') make sure you pass an appropriate service too. like authenticate('username','password', 'passwd') or you can add your custom configuration under /etc/pam.d/

here is an example from the webmin project

#%PAM-1.0
auth    required    pam_unix.so nullok
account required    pam_unix.so
session required    pam_unix.so

write the previous lines on a file under /etc/pam.d/ and call it 'myconfig' for example, then pass it's name to the function, and it'll work (it did for me) :D

I had the same issue root was not getting authenticated. Here's the fix.

If you use the service 'login' ,it won't work for root. Use,

#authenticate('username','password',service='system-auth')

You could use sshd configuration if its a system with ssh server running and should work for root.

authenticate('root','password',service='sshd')