This software enables the execution of scripts during authorization, password modifications, and session initiation or termination.
The PAM-script project presents a convenient solution for executing scripts during authorization, password changes, and session opening or closing. These scripts can perform necessary tasks or influence the outcome of the PAM stack. For instance, including the entry "sshd auth required pam_script" in the pam.conf file and having the pam_script_auth script exit with a non-zero value will result in the user being denied SSH access to the machine.
This project offers options to pam_script.so, including onerr=(success|fail) - default behavior if the module cannot find or execute the various pam-scripts, where the default is 'fail', and dir=/some/path - which specifies the location to find the pam-scripts listed below. All options get passed on to the script command lines, and those not intercepted by PAM may be used to modify the script behavior.
The PAM-script project offers four module-types, including auth, account, passwd, and session, and each type has its corresponding script. All the scripts are passed several environment variables such as PAM_USER, PAM_RUSER, PAM_RHOST, PAM_SERVICE, PAM_AUTHTOK, PAM_TTY, and PAM_TYPE referring to the module-type, and whether the variable has a non-null value or not depends on the context.
The pam.conf file offers examples that users can customize to meet their specific needs. For instance, in the first example, ssh auth, session, and passwd all required pam_script.so, while the second example includes an additional logging application that doesn't want access denied if there is a problem - hence the inclusion of pam_script.so as optional.
Additionally, debugging is possible using the pamtest.c program from the pam-dotfile distribution, which will help users step through the module. Overall, the PAM-script project offers a simple, efficient solution for executing scripts during authorization and session management.
This project offers options to pam_script.so, including onerr=(success|fail) - default behavior if the module cannot find or execute the various pam-scripts, where the default is 'fail', and dir=/some/path - which specifies the location to find the pam-scripts listed below. All options get passed on to the script command lines, and those not intercepted by PAM may be used to modify the script behavior.
The PAM-script project offers four module-types, including auth, account, passwd, and session, and each type has its corresponding script. All the scripts are passed several environment variables such as PAM_USER, PAM_RUSER, PAM_RHOST, PAM_SERVICE, PAM_AUTHTOK, PAM_TTY, and PAM_TYPE referring to the module-type, and whether the variable has a non-null value or not depends on the context.
The pam.conf file offers examples that users can customize to meet their specific needs. For instance, in the first example, ssh auth, session, and passwd all required pam_script.so, while the second example includes an additional logging application that doesn't want access denied if there is a problem - hence the inclusion of pam_script.so as optional.
Additionally, debugging is possible using the pamtest.c program from the pam-dotfile distribution, which will help users step through the module. Overall, the PAM-script project offers a simple, efficient solution for executing scripts during authorization and session management.
What's New
Version 1.1.1: N/A