PAM_EXEC(8) FreeBSD System Manager's Manual PAM_EXEC(8)
NAME
pam_exec - Exec PAM module
SYNOPSIS
[service-name] module-type control-flag pam_exec [arguments]
DESCRIPTION
The exec service module for PAM executes the program designated by its
first argument if no options are specified, with its remaining arguments
as command-line arguments. If options are specified, the program and its
arguments follow the last option, or follow -- if the program name
conflicts with an option name.
The following options may be passed before the program and its arguments:
     capture_stderr
             Capture text printed by the program to its standard error stream
             and pass it to the conversation function as error messages. No
             attempt is made at buffering the text, so results may vary.
     capture_stdout
             Capture text printed by the program to its standard output stream
             and pass it to the conversation function as informational
             messages. No attempt is made at buffering the text, so results
             may vary.
     debug
             Ignored for compatibility reasons.
     no_warn
             Ignored for compatibility reasons.
     return_prog_exit_status
             Use the program exit status as the return code of the pam_sm_*
             function. It must be a valid return value for this function.
     expose_authtok
             Write the authentication token to the program's standard input
             stream, followed by a NUL character. Ignored for
             pam_sm_setcred().
     use_first_pass
             If expose_authtok was specified, do not prompt for an
             authentication token if one is not already available.
     --
             Stop options parsing; program and its arguments follow.
The child's environment is set to the current PAM environment list, as
returned by pam_getenvlist(3). In addition, the following PAM items are
exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE,
PAM_SM_FUNC, PAM_TTY and PAM_USER.
The PAM_SM_FUNC variable contains the name of the PAM service module
function being called. It may be:
- pam_sm_acct_mgmt
- pam_sm_authenticate
- pam_sm_chauthtok
- pam_sm_close_session
If return_prog_exit_status is set, the program exit status is used. It
should be PAM_SUCCESS or one of the error codes allowed by the calling
PAM_SM_FUNC function. The valid codes are documented in each function
man page. If the exit status is not a valid return code, PAM_SERVICE_ERR
is returned. Each valid code's numerical value is available as an
environment variable (e.g. PAM_SUCCESS, PAM_USER_UNKNOWN, etc.). This is
useful in shell scripts, for instance.
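The following account hook is an added example, not part of the FreeBSD manual page or the pam_exec sources. It shows a helper written for return_prog_exit_status that dispatches on PAM_SM_FUNC, treats PAM_USER and PAM_RHOST as untrusted input, and returns the exported PAM codes. The script path, the allowlist file and the policy itself are assumptions; PAM_PERM_DENIED is a standard PAM return code not named on this page.

```shell
#!/bin/sh
# Added example: account hook for pam_exec with return_prog_exit_status.
# Hypothetical policy line (script path is an assumption):
#   account required pam_exec return_prog_exit_status /usr/local/libexec/acct_hook.sh
LC_ALL=C; export LC_ALL
# Hypothetical allowlist, one login name per line.
ALLOW_FILE=${ALLOW_FILE:-/usr/local/etc/acct_hook.allow}

# PAM_RHOST and PAM_RUSER are supplied by the remote side: keep only a
# conservative character set before the value reaches a log line.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:@-'
}

# Return the PAM code for this call, using the numeric values pam_exec
# exports to the environment when return_prog_exit_status is set.
acct_hook() {
    # Stop with a non-zero status if the codes were not exported.
    : "${PAM_SUCCESS:?}" "${PAM_PERM_DENIED:?}" "${PAM_USER_UNKNOWN:?}" "${PAM_SERVICE_ERR:?}"
    # Refuse to run under any service function other than the intended one.
    [ "${PAM_SM_FUNC:-}" = pam_sm_acct_mgmt ] || return "$PAM_SERVICE_ERR"
    # Reject empty, option-like, or unexpected login names.
    case "${PAM_USER:-}" in
        ''|-*|*[!A-Za-z0-9._-]*) return "$PAM_USER_UNKNOWN" ;;
    esac
    # Fixed-string, whole-line match; an unreadable list fails closed.
    if grep -Fqx -- "$PAM_USER" "$ALLOW_FILE" 2>/dev/null; then
        return "$PAM_SUCCESS"
    fi
    return "$PAM_PERM_DENIED"
}

# Run only when invoked by pam_exec, which exports PAM_SM_FUNC.
if [ -n "${PAM_SM_FUNC:-}" ]; then
    rc=0; acct_hook || rc=$?
    [ "$rc" -eq 0 ] || logger -t acct_hook -p auth.notice \
        "rc=$rc user=$(sanitize "${PAM_USER:-}") rhost=$(sanitize "${PAM_RHOST:-}")"
    exit "$rc"
fi
```

The denial detail goes to syslog rather than standard error because, with capture_stderr set, anything the program writes there is passed to the conversation function.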
SEE ALSO
pam_get_item(3), pam.conf(5), pam(3), pam_sm_acct_mgmt(3),
pam_sm_authenticate(3), pam_sm_chauthtok(3), pam_sm_close_session(3),
pam_sm_open_session(3), pam_sm_setcred(3)
AUTHORS
The pam_exec module and this manual page were developed for the FreeBSD
Project by ThinkSec AS and NAI Labs, the Security Research Division of
Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
("CBOSS"), as part of the DARPA CHATS research program.
FreeBSD 14.2-RELEASE May 24, 2019 FreeBSD 14.2-RELEASE