Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PAM_EXEC(8)		  BSD System Manager's Manual		   PAM_EXEC(8)

NAME
     pam_exec -- Exec PAM module

SYNOPSIS
     [service-name] module-type	control-flag pam_exec [arguments]

DESCRIPTION
     The exec service module for PAM executes the program designated by	its
     first argument if no options are specified, with its remaining arguments
     as	command-line arguments.	 If options are	specified, the program and its
     arguments follow the last option or -- if the program name	conflicts with
     an	option name.

     The following options may be passed before	the program and	its arguments:

     capture_stderr
	     Capture text printed by the program to its	standard error stream
	     and pass it to the	conversation function as error messages.  No
	     attempt is	made at	buffering the text, so results may vary.

     capture_stdout
	     Capture text printed by the program to its	standard output	stream
	     and pass it to the	conversation function as informational mes-
	     sages.  No	attempt	is made	at buffering the text, so results may
	     vary.

     debug   Ignored for compatibility reasons.

     no_warn
	     Ignored for compatibility reasons.

     return_prog_exit_status
	     Use the program exit status as the	return code of the pam_sm_*
	     function.	It must	be a valid return value	for this function.

     expose_authtok
	     Write the authentication token to the program's standard input
	     stream, followed by a NUL character.

     --	     Stop options parsing; program and its arguments follow.

     The child's environment is	set to the current PAM environment list, as
     returned by pam_getenvlist(3).  In	addition, the following	PAM items are
     exported as environment variables:	PAM_RHOST, PAM_RUSER, PAM_SERVICE,
     PAM_SM_FUNC, PAM_TTY and PAM_USER.

     The PAM_SM_FUNC variable contains the name	of the PAM service module
     function being called.  It	may be:
	   -   pam_sm_acct_mgmt
	   -   pam_sm_authenticate
	   -   pam_sm_chauthtok
	   -   pam_sm_close_session
	   -   pam_sm_open_session
	   -   pam_sm_setcred

     If	return_prog_exit_status	is not set (default), the PAM_SM_FUNC function
     returns PAM_SUCCESS if the	program	exit status is 0, PAM_PERM_DENIED oth-
     erwise.

     If	return_prog_exit_status	is set,	the program exit status	is used.  It
     should be PAM_SUCCESS or one of the error codes allowed by	the calling
     PAM_SM_FUNC function.  The	valid codes are	documented in each function
     man page.	If the exit status is not a valid return code, PAM_SERVICE_ERR
     is	returned.  Each	valid codes numerical value is available as an envi-
     ronment variable (eg. PAM_SUCESS, PAM_USER_UNKNOWN, etc).	This is	useful
     in	shell scripts for instance.

SEE ALSO
     pam_get_item(3), pam.conf(5), pam(8), pam_sm_acct_mgmt(8),
     pam_sm_authenticate(8), pam_sm_chauthtok(8), pam_sm_close_session(8),
     pam_sm_open_session(8), pam_sm_setcred(8)

AUTHORS
     The pam_exec module and this manual page were developed for the FreeBSD
     Project by	ThinkSec AS and	NAI Labs, the Security Research	Division of
     Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
     ("CBOSS"),	as part	of the DARPA CHATS research program.

BSD				August 14, 2018				   BSD

NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_exec&sektion=8&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help