| PAM-SCRIPT(7) | Miscellaneous Information Manual | PAM-SCRIPT(7) |
pam-script - a PAM module that can invoke scripts within the PAM stack.
pam-script.so [onerr=(success|fail)][dir=/some/path/]
pam-script allows you to execute scripts during authorization, passwd changes, and on session opening or closing.
Such scripts can perform necessary tasks or influence the outcome
of the PAM stack. For example, if the following entry was included in
pam.conf
sshd auth required pam_script
then if the script, pam_script_auth, exits with a non-zero value this would cause the user to be denied SSH access to the machine.
A summary of options is included below.
List of scripts
All the scripts will be passed several environment variables: PAM_USER, PAM_RUSER, PAM_RHOST, PAM_SERVICE, PAM_AUTHTOK, PAM_TTY, and PAM_TYPE referring to the module-type. The pam_script.so arguments in the pam.conf will be passed on the command line, which can be used to modify the script behavior.
/lib/x86_64-linux-gnu/security/pam_script.so - the PAM
module
/usr/share/libpam-script - where the scripts should be placed by
default
pam-script 1.1.8
PAM(7) and the PAM "The System Administrators' Guide"
pam-script was written by Jeroen Nijhof <jeroen@jeroennijhof.nl> with some additions and modifications by R.K. Owen, Ph.D. <rkowen@nersc.gov>.
This manual page was written by R.K. Owen <rkowen@nersc.gov>, for the Debian project (but may be used by others).
| August 22, 2007 |