PAM_EXEC(8) | Linux-PAM Manual | PAM_EXEC(8) |
pam_exec - PAM module which calls an external command
pam_exec.so [debug] [expose_authtok] [seteuid] [quiet] [stdout] [log=file] [type=type] command [...]
pam_exec is a PAM module that can be used to run an external command.
The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3) In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and PAM_TYPE, which contains one of the module types: account, auth, password, open_session and close_session.
Commands called by pam_exec need to be aware of that the user can have control over the environment.
debug
expose_authtok
log=file
type=type
stdout
quiet
seteuid
All module types (auth, account, password and session) are provided.
PAM_SUCCESS
PAM_BUF_ERR
PAM_CONV_ERR
PAM_INCOMPLETE
PAM_SERVICE_ERR
PAM_SYSTEM_ERR
PAM_IGNORE
Add the following line to /etc/pam.d/passwd to rebuild the NIS database after each local password change:
password optional pam_exec.so seteuid /usr/bin/make -C /var/yp
This will execute the command
make -C /var/yp
with effective user ID.
pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and Josh Triplett <josh@joshtriplett.org>.
06/08/2020 | Linux-PAM Manual |