summaryrefslogtreecommitdiffstats
path: root/modules/pam_exec/pam_exec.8
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:01:37 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:01:37 +0000
commitde848d9e9146434817c65d74d1d0313e9d729462 (patch)
treedcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_exec/pam_exec.8
parentInitial commit. (diff)
downloadpam-de848d9e9146434817c65d74d1d0313e9d729462.tar.xz
pam-de848d9e9146434817c65d74d1d0313e9d729462.zip
Adding upstream version 1.4.0.upstream/1.4.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/pam_exec/pam_exec.8')
-rw-r--r--modules/pam_exec/pam_exec.8183
1 files changed, 183 insertions, 0 deletions
diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
new file mode 100644
index 0000000..8e9093e
--- /dev/null
+++ b/modules/pam_exec/pam_exec.8
@@ -0,0 +1,183 @@
+'\" t
+.\" Title: pam_exec
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_EXEC" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_exec \- PAM module which calls an external command
+.SH "SYNOPSIS"
+.HP \w'\fBpam_exec\&.so\fR\ 'u
+\fBpam_exec\&.so\fR [debug] [expose_authtok] [seteuid] [quiet] [stdout] [log=\fIfile\fR] [type=\fItype\fR] \fIcommand\fR [\fI\&.\&.\&.\fR]
+.SH "DESCRIPTION"
+.PP
+pam_exec is a PAM module that can be used to run an external command\&.
+.PP
+The child\*(Aqs environment is set to the current PAM environment list, as returned by
+\fBpam_getenvlist\fR(3)
+In addition, the following PAM items are exported as environment variables:
+\fIPAM_RHOST\fR,
+\fIPAM_RUSER\fR,
+\fIPAM_SERVICE\fR,
+\fIPAM_TTY\fR,
+\fIPAM_USER\fR
+and
+\fIPAM_TYPE\fR, which contains one of the module types:
+\fBaccount\fR,
+\fBauth\fR,
+\fBpassword\fR,
+\fBopen_session\fR
+and
+\fBclose_session\fR\&.
+.PP
+Commands called by pam_exec need to be aware of that the user can have control over the environment\&.
+.SH "OPTIONS"
+.PP
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\&.
+.RE
+.PP
+\fBexpose_authtok\fR
+.RS 4
+During authentication the calling command can read the password from
+\fBstdin\fR(3)\&. Only first
+\fIPAM_MAX_RESP_SIZE\fR
+bytes of a password are provided to the command\&.
+.RE
+.PP
+\fBlog=\fR\fB\fIfile\fR\fR
+.RS 4
+The output of the command is appended to
+file
+.RE
+.PP
+\fBtype=\fR\fB\fItype\fR\fR
+.RS 4
+Only run the command if the module type matches the given type\&.
+.RE
+.PP
+\fBstdout\fR
+.RS 4
+Per default the output of the executed command is written to
+/dev/null\&. With this option, the stdout output of the executed command is redirected to the calling application\&. It\*(Aqs in the responsibility of this application what happens with the output\&. The
+\fBlog\fR
+option is ignored\&.
+.RE
+.PP
+\fBquiet\fR
+.RS 4
+Per default pam_exec\&.so will echo the exit status of the external command if it fails\&. Specifying this option will suppress the message\&.
+.RE
+.PP
+\fBseteuid\fR
+.RS 4
+Per default pam_exec\&.so will execute the external command with the real user ID of the calling process\&. Specifying this option means the command is run with the effective user ID\&.
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+All module types (\fBauth\fR,
+\fBaccount\fR,
+\fBpassword\fR
+and
+\fBsession\fR) are provided\&.
+.SH "RETURN VALUES"
+.PP
+.PP
+PAM_SUCCESS
+.RS 4
+The external command was run successfully\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+No argument or a wrong number of arguments were given\&.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+A system error occurred or the command to execute failed\&.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+\fBpam_setcred\fR
+was called, which does not execute the command\&. Or, the value given for the type= parameter did not match the module type\&.
+.RE
+.SH "EXAMPLES"
+.PP
+Add the following line to
+/etc/pam\&.d/passwd
+to rebuild the NIS database after each local password change:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ password optional pam_exec\&.so seteuid /usr/bin/make \-C /var/yp
+
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+This will execute the command
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+make \-C /var/yp
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+with effective user ID\&.
+.SH "SEE ALSO"
+.PP
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&.