FreeBSD Manual Pages
PAM_EXEC(8) System Manager's Manual PAM_EXEC(8) NAME pam_exec -- Exec PAM module SYNOPSIS [service-name] module-type control-flag pam_exec [arguments] DESCRIPTION The exec service module for PAM executes the program designated by its first argument if no options are specified, with its remaining argu- ments as command-line arguments. If options are specified, the program and its arguments follow the last option or -- if the program name con- flicts with an option name. The following options may be passed before the program and its argu- ments: capture_stderr Capture text printed by the program to its standard error stream and pass it to the conversation function as error mes- sages. No attempt is made at buffering the text, so results may vary. capture_stdout Capture text printed by the program to its standard output stream and pass it to the conversation function as informa- tional messages. No attempt is made at buffering the text, so results may vary. debug Ignored for compatibility reasons. no_warn Ignored for compatibility reasons. return_prog_exit_status Use the program exit status as the return code of the pam_sm_* function. It must be a valid return value for this function. expose_authtok Write the authentication token to the program's standard input stream, followed by a NUL character. Ignored for pam_sm_setcred(). use_first_pass If expose_authtok was specified, do not prompt for an authenti- cation token if one is not already available. -- Stop options parsing; program and its arguments follow. The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3). In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_SM_FUNC, PAM_TTY and PAM_USER. The PAM_SM_FUNC variable contains the name of the PAM service module function being called. It may be: - pam_sm_acct_mgmt - pam_sm_authenticate - pam_sm_chauthtok - pam_sm_close_session - pam_sm_open_session - pam_sm_setcred If return_prog_exit_status is not set (default), the PAM_SM_FUNC func- tion returns PAM_SUCCESS if the program exit status is 0, PAM_PERM_DENIED otherwise. If return_prog_exit_status is set, the program exit status is used. It should be PAM_SUCCESS or one of the error codes allowed by the calling PAM_SM_FUNC function. The valid codes are documented in each function man page. If the exit status is not a valid return code, PAM_SERVICE_ERR is returned. Each valid codes numerical value is available as an environment variable (eg. PAM_SUCESS, PAM_USER_UNKNOWN, etc). This is useful in shell scripts for instance. SEE ALSO pam(3), pam_get_item(3), pam_sm_acct_mgmt(3), pam_sm_authenticate(3), pam_sm_chauthtok(3), pam_sm_close_session(3), pam_sm_open_session(3), pam_sm_setcred(3), pam.conf(5) AUTHORS The pam_exec module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program. FreeBSD 14.3 May 24, 2019 PAM_EXEC(8)
NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | AUTHORS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pam_exec&sektion=8&manpath=FreeBSD+14.3-RELEASE+and+Ports>