PAM module which calls an external command
' pam_exec.so 'u pam_exec.so [debug] [expose_authtok] [seteuid] [quiet] [stdout] [log= file ][type= type ] command [ . . . ]
pam_exec is a PAM module that can be used to run an external command .
The child (Aqs environment is set to the current PAM environment list, as returned by pam_getenvlist (3) In addition, the following PAM items are exported as environment variables: PAM_RHOST , PAM_RUSER , PAM_SERVICE , PAM_TTY , PAM_USER and PAM_TYPE ,which contains one of the module types: account , auth , password , open_session and close_session .
Commands called by pam_exec need to be aware of that the user can have controll over the environment .
debug Print debug information .
expose_authtok During authentication the calling command can read the password from stdin (3). Only first PAM_MAX_RESP_SIZE bytes of a password are provided to the command .
log= file The output of the command is appended to file
type= type Only run the command if the module type matches the given type .
stdout Per default the output of the executed command is written to /dev/null . With this option, the stdout output of the executed command is redirected to the calling application . It (Aqs in the responsibility of this application what happens with the output . The log option is ignored .
quiet Per default pam_exec .so will echo the exit status of the external command if it fails . Specifying this option will suppress the message .
seteuid Per default pam_exec .so will execute the external command with the real user ID of the calling process . Specifying this option means the command is run with the effective user ID .
All module types ( auth , account , password and session )are provided .
PAM_SUCCESS The external command was run successfully .
PAM_SERVICE_ERR No argument or a wrong number of arguments were given .
PAM_SYSTEM_ERR A system error occurred or the command to execute failed .
PAM_IGNORE pam_setcred was called, which does not execute the command . Or, the value given for the type= parameter did not match the module type .
Add the following line to /etc/pam .d/passwd to rebuild the NIS database after each local password change:.RS 4
password optional pam_exec .so seteuid /usr/bin/make -C /var/yp
.RE This will execute the command .RS 4
make -C /var/yp .RE with effective user ID .
pam.conf(5), pam.d(5), pam(8)
pam_exec was written by Thorsten Kukuk <kukuk@thkukuk .de> and Josh Triplett <josh@joshtriplett .org> .