diff --git a/README.md b/README.md
index 3fd09870..509997d1 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,15 @@ the `encryption_*` and `ssl_*` options
 directly to the constructor as keyword arguments, even though it is
 required when they are placed in the environment file.
 
+PAM logins
+----------
+
+Starting with v2.0.0, the python iRODS client is able to authenticate under PAM using the same file-based client environment as the
+iCommands.
+
+Caveat for iRODS 4.3+: when upgrading from 4.2, the "irods_authentication_scheme" setting must be changed from "pam" to "pam_password" in
+`~/.irods/irods_environment.json` for all file-based client environments.
+
 Maintaining a connection
 ------------------------
 
diff --git a/irods/auth/pam.py b/irods/auth/pam.py
new file mode 100644
index 00000000..757eea74
--- /dev/null
+++ b/irods/auth/pam.py
@@ -0,0 +1,9 @@
+class PamLoginException(Exception): pass
+
+def login(conn):
+    if conn.server_version >= (4,3):
+        raise PamLoginException('PAM logins in iRODS 4.3+ require a scheme of "pam_password"')
+    conn._login_pam()
+
+# Pattern for when you need to import from sibling plugins:
+from .native import login as native_login