pam_envfeed is a PAM module that defines environment variables by running an external program and retrieving its output.
To set up the module, add a line such as this to the relevant pam.d file: session required /lib/security/pam_envfeed.so. Once assembled, the pam_envfeed module will launch the default external program, /sbin/pam_envfeed, when managing credentials, performing account management, or opening sessions. However, it is possible to select a different external program by using a module argument. The program can be either binary or a script; don't forget to include execute permissions and a #! line if opting for a script.
The external program will have its standard input and standard error linked to /dev/null, while the standard output is connected by a pipe to the parent process. Other file descriptors will not be open. The program receives four various kinds of environment variables: PAM_*, USERINFO_*, ENV_*, and PAMENV_*. PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, and PAM_USER environment variables are set to the corresponding values in the PAM system. Only those where pam_get_item() returns a non-NULL value will be set, so some may be unset.
USERINFO_* provides an entry lookup feature for the user's home directory, which can be difficult to obtain in bash. If getpwnam() is successful, USERINFO_UID, USERINFO_GID, USERINFO_GECOS, USERINFO_HOME, and USERINFO_SHELL are set, and the group name is stored in USERINFO_GROUP if getgrgid() is successful. To disable the whole userinfo lookup, the nouserinfo option can be used.
ENV_* defines a counterpart for actual environment variables that the pamming process possesses with an ENV_ prefix. For instance, if the authenticating app has LC_ALL=hu_HU, then EVP_LC_ALL=hu_HU is defined. PAMENV_* defines a counterpart for pam environment variables that the pamming process possesses with a PAMENV_ prefix. For example, if pam_env.so previously established DISPLAY=kenny:0.0 then PAMENV_DISPLAY=kenny:0.0 is defined.
To illustrate usage, a simple example script is provided in the example subdirectory. The script establishes PATH and MAIL to their most basic values on Linux systems. Overall, pam_envfeed is an effective module for defining environment variables through external programs with various options and safeguards to streamline the process.
Version 0.4: N/A