{"id":3807,"date":"2022-12-20T17:20:08","date_gmt":"2022-12-20T20:20:08","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/pam_exec-man8\/"},"modified":"2022-12-20T17:20:08","modified_gmt":"2022-12-20T20:20:08","slug":"pam_exec-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/pam_exec-man8\/","title":{"rendered":"PAM_EXEC (man8)"},"content":{"rendered":"

PAM_EXEC<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
OPTIONS<\/a>
MODULE TYPES PROVIDED<\/a>
RETURN VALUES<\/a>
EXAMPLES<\/a>
SEE ALSO<\/a>
AUTHOR<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

pam_exec \u2212 PAM module which calls an external command<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

pam_exec.so<\/b> [debug] [expose_authtok] [seteuid] [quiet] [stdout] [log=file<\/i>] [type=type<\/i>] command<\/i> […<\/i>]<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

DESCRIPTION <\/a> <\/h2>\n

pam_exec is a PAM module that can be used to run an external command.<\/p>\n

The child’s environment is set to the current PAM environment list, as returned by pam_getenvlist<\/b>(3) In addition, the following PAM items are exported as environment variables: PAM_RHOST<\/i>, PAM_RUSER<\/i>, PAM_SERVICE<\/i>, PAM_TTY<\/i>, PAM_USER<\/i> and PAM_TYPE<\/i>, which contains one of the module types: account<\/b>, auth<\/b>, password<\/b>, open_session<\/b> and close_session<\/b>.<\/p>\n

Commands called by pam_exec need to be aware of that the user can have controll over the environment.<\/p>\n

OPTIONS <\/a> <\/h2>\n

debug<\/b><\/p>\n

Print debug information.<\/p>\n

expose_authtok<\/b><\/p>\n

During authentication the calling command can read the password from stdin<\/b>(3). Only first PAM_MAX_RESP_SIZE<\/i> bytes of a password are provided to the command.<\/p>\n

log=<\/b>file<\/i><\/p>\n

The output of the command is appended to file<\/p>\n

type=<\/b>type<\/i><\/p>\n

Only run the command if the module type matches the given type.<\/p>\n

stdout<\/b><\/p>\n

Per default the output of the executed command is written to \/dev\/null. With this option, the stdout output of the executed command is redirected to the calling application. It’s in the responsibility of this application what happens with the output. The log<\/b> option is ignored.<\/p>\n

quiet<\/b><\/p>\n

Per default pam_exec.so will echo the exit status of the external command if it fails. Specifying this option will suppress the message.<\/p>\n

seteuid<\/b><\/p>\n

Per default pam_exec.so will execute the external command with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID.<\/p>\n

MODULE TYPES PROVIDED <\/a> <\/h2>\n

All module types (auth<\/b>, account<\/b>, password<\/b> and session<\/b>) are provided.<\/p>\n

RETURN VALUES <\/a> <\/h2>\n

PAM_SUCCESS<\/p>\n

The external command was run successfully.<\/p>\n

PAM_SERVICE_ERR<\/p>\n

No argument or a wrong number of arguments were given.<\/p>\n

PAM_SYSTEM_ERR<\/p>\n

A system error occurred or the command to execute failed.<\/p>\n

PAM_IGNORE<\/p>\n

pam_setcred<\/b> was called, which does not execute the command. Or, the value given for the type= parameter did not match the module type.<\/p>\n

EXAMPLES <\/a> <\/h2>\n

Add the following line to \/etc\/pam.d\/passwd to rebuild the NIS database after each local password change:<\/p>\n

password optional pam_exec.so seteuid \/usr\/bin\/make \u2212C \/var\/yp<\/p>\n

This will execute the command<\/p>\n

make \u2212C \/var\/yp<\/p>\n

with effective user ID.<\/p>\n

SEE ALSO <\/a> <\/h2>\n

pam.conf<\/b>(5), pam.d<\/b>(5), pam<\/b>(8)<\/p>\n

AUTHOR <\/a> <\/h2>\n

pam_exec was written by Thorsten Kukuk and Josh Triplett .<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

pam_exec \u2212 PAM module which calls an external command <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,4,905],"class_list":["post-3807","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-man8","tag-pam_exec"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3807"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3807\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}