summaryrefslogtreecommitdiffstats
path: root/modules/pam_exec/README
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/pam_exec/README79
-rw-r--r--modules/pam_exec/README.xml41
2 files changed, 120 insertions, 0 deletions
diff --git a/modules/pam_exec/README b/modules/pam_exec/README
new file mode 100644
index 0000000..3959162
--- /dev/null
+++ b/modules/pam_exec/README
@@ -0,0 +1,79 @@
+pam_exec — PAM module which calls an external command
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+pam_exec is a PAM module that can be used to run an external command.
+
+The child's environment is set to the current PAM environment list, as returned
+by pam_getenvlist(3) In addition, the following PAM items are exported as
+environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and
+PAM_TYPE, which contains one of the module types: account, auth, password,
+open_session and close_session.
+
+Commands called by pam_exec need to be aware of that the user can have control
+over the environment.
+
+OPTIONS
+
+debug
+
+ Print debug information.
+
+expose_authtok
+
+ During authentication the calling command can read the password from stdin
+ (3). Only first PAM_MAX_RESP_SIZE bytes of a password are provided to the
+ command.
+
+log=file
+
+ The output of the command is appended to file
+
+type=type
+
+ Only run the command if the module type matches the given type.
+
+stdout
+
+ Per default the output of the executed command is written to /dev/null.
+ With this option, the stdout output of the executed command is redirected
+ to the calling application. It's in the responsibility of this application
+ what happens with the output. The log option is ignored.
+
+quiet
+
+ Per default pam_exec.so will echo the exit status of the external command
+ if it fails. Specifying this option will suppress the message.
+
+quiet_log
+
+ Per default pam_exec.so will log the exit status of the external command if
+ it fails. Specifying this option will suppress the log message.
+
+seteuid
+
+ Per default pam_exec.so will execute the external command with the real
+ user ID of the calling process. Specifying this option means the command is
+ run with the effective user ID.
+
+EXAMPLES
+
+Add the following line to /etc/pam.d/passwd to rebuild the NIS database after
+each local password change:
+
+ password optional pam_exec.so seteuid /usr/bin/make -C /var/yp
+
+
+This will execute the command
+
+make -C /var/yp
+
+with effective user ID.
+
+AUTHOR
+
+pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and Josh Triplett
+<josh@joshtriplett.org>.
+
diff --git a/modules/pam_exec/README.xml b/modules/pam_exec/README.xml
new file mode 100644
index 0000000..5e76cab
--- /dev/null
+++ b/modules/pam_exec/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_exec.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_exec-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-author"]/*)'/>
+ </section>
+
+</article>