From 9ada0093e92388590c7368600ca4e9e3e376f0d0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:22:51 +0200 Subject: Adding upstream version 1.5.2. Signed-off-by: Daniel Baumann --- modules/pam_exec/README | 79 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 modules/pam_exec/README (limited to 'modules/pam_exec/README') diff --git a/modules/pam_exec/README b/modules/pam_exec/README new file mode 100644 index 0000000..3959162 --- /dev/null +++ b/modules/pam_exec/README @@ -0,0 +1,79 @@ +pam_exec — PAM module which calls an external command + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +pam_exec is a PAM module that can be used to run an external command. + +The child's environment is set to the current PAM environment list, as returned +by pam_getenvlist(3) In addition, the following PAM items are exported as +environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and +PAM_TYPE, which contains one of the module types: account, auth, password, +open_session and close_session. + +Commands called by pam_exec need to be aware of that the user can have control +over the environment. + +OPTIONS + +debug + + Print debug information. + +expose_authtok + + During authentication the calling command can read the password from stdin + (3). Only first PAM_MAX_RESP_SIZE bytes of a password are provided to the + command. + +log=file + + The output of the command is appended to file + +type=type + + Only run the command if the module type matches the given type. + +stdout + + Per default the output of the executed command is written to /dev/null. + With this option, the stdout output of the executed command is redirected + to the calling application. It's in the responsibility of this application + what happens with the output. The log option is ignored. + +quiet + + Per default pam_exec.so will echo the exit status of the external command + if it fails. Specifying this option will suppress the message. + +quiet_log + + Per default pam_exec.so will log the exit status of the external command if + it fails. Specifying this option will suppress the log message. + +seteuid + + Per default pam_exec.so will execute the external command with the real + user ID of the calling process. Specifying this option means the command is + run with the effective user ID. + +EXAMPLES + +Add the following line to /etc/pam.d/passwd to rebuild the NIS database after +each local password change: + + password optional pam_exec.so seteuid /usr/bin/make -C /var/yp + + +This will execute the command + +make -C /var/yp + +with effective user ID. + +AUTHOR + +pam_exec was written by Thorsten Kukuk and Josh Triplett +. + -- cgit v1.2.3