Man Linux: Main Page and Category List

NAME

       pam-script - a PAM module that can invoke scripts within the PAM stack.

SYNOPSIS

       pam-script.so [onerr=(success|fail)][dir=/some/path/]

DESCRIPTION

       pam-script allows you to execute scripts during  authorization,  passwd
       changes, and on session opening or closing.

       Such  scripts  can  perform necessary tasks or influence the outcome of
       the PAM stack.  For example, if the following  entry  was  included  in
       pam.conf
         sshd    auth required  pam_script

       then  if  the script, pam_script_auth, exits with a non-zero value this
       would cause the user to be denied SSH access to the machine.

OPTIONS

       A summary of options is included below.

       onerr=(success|fail)
              the default behavior if the module can not find or  execute  the
              script.  The default is to fail if the option is not given.

       dir=/some/path/
              where  to find the pam-scripts to invoke for each of the various
              module-types   as   described    below.     The    default    is
              dir=/usr/share/libpam-script if not given.

              List of scripts

       pam_script_auth
              Executed  under  auth  which handles the authentication stage of
              establishing  the  user  via   some   challenge-response   (i.e.
              username/password)

       pam_script_acct
              invoked  under  account module-type for non-authentication based
              account management.

       pam_script_passwd
              invoked under passwd for changing the password tokens.

       pam_script_ses_open
              invoked when a session is first opened.

       pam_script_ses_close
              run after a session is first closed.

              All the scripts will be passed  several  environment  variables:
              PAM_USER,   PAM_RUSER,   PAM_RHOST,   PAM_SERVICE,  PAM_AUTHTOK,
              PAM_TTY,  and  PAM_TYPE  referring  to  the  module-type.    The
              pam_script.so  arguments  in  the pam.conf will be passed on the
              command line, which can be used to modify the script behavior.

FILES

       /lib/security/pam_script.so - the PAM module
       /usr/share/libpam-script -  where  the  scripts  should  be  placed  by
       default

VERSION

       pam-script 1.1.4

SEE ALSO

       PAM(7) and the PAM "The System Administrators’ Guide"

AUTHOR

       pam-script was written by Jeroen Nijhof <jnijhof@nijhofnet.nl>
       with some additions and modifications by R.K. Owen, Ph.D. <rkowen@nersc.gov>.

       This manual page was written by R.K. Owen <rkowen@nersc.gov>,
       for the Debian project (but may be used by others).

                                August 22, 2007