Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_exec(8) [linux man page]

PAM_EXEC(8)							 Linux-PAM Manual						       PAM_EXEC(8)

NAME
pam_exec - PAM module which calls an external command SYNOPSIS
pam_exec.so [debug] [expose_authtok] [seteuid] [quiet] [log=file] command [...] DESCRIPTION
pam_exec is a PAM module that can be used to run an external command. The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3) In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and PAM_TYPE, which contains one of the module types: account, auth, password, open_session and close_session. Commands called by pam_exec need to be aware of that the user can have controll over the environment. OPTIONS
debug Print debug information. expose_authtok During authentication the calling command can read the password from stdin(3). log=file The output of the command is appended to file quiet Per default pam_exec.so will echo the exit status of the external command if it fails. Specifying this option will suppress the message. seteuid Per default pam_exec.so will execute the external command with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID. MODULE TYPES PROVIDED
All module types (auth, account, password and session) are provided. RETURN VALUES
PAM_SUCCESS The external command was run successfully. PAM_SERVICE_ERR No argument or a wrong number of arguments were given. PAM_SYSTEM_ERR A system error occurred or the command to execute failed. PAM_IGNORE pam_setcred was called, which does not execute the command. EXAMPLES
Add the following line to /etc/pam.d/passwd to rebuild the NIS database after each local password change: password optional pam_exec.so seteuid /usr/bin/make -C /var/yp This will execute the command make -C /var/yp with effective user ID. SEE ALSO
pam.conf(5), pam.d(5), pam(7) AUTHOR
pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de>. Linux-PAM Manual 06/04/2011 PAM_EXEC(8)

Check Out this Related Man Page

PAM_PWHISTORY(8)						 Linux-PAM Manual						  PAM_PWHISTORY(8)

NAME
pam_pwhistory - PAM module to remember last passwords SYNOPSIS
pam_pwhistory.so [debug] [use_authtok] [enforce_for_root] [remember=N] [retry=N] [authtok_type=STRING] DESCRIPTION
This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently. This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking. OPTIONS
debug Turns on debugging via syslog(3). use_authtok When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below). enforce_for_root If this option is set, the check is enforced for root, too. remember=N The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. retry=N Prompt user at most N times before returning with error. The default is 1. authtok_type=STRING See pam_get_authtok(3) for more details. MODULE TYPES PROVIDED
Only the password module type is provided. RETURN VALUES
PAM_AUTHTOK_ERR No new password was entered, the user aborted password change or new password couldn't be set. PAM_IGNORE Password history was disabled. PAM_MAXTRIES Password was rejected too often. PAM_USER_UNKNOWN User is not known to system. EXAMPLES
An example password section would be: #%PAM-1.0 password required pam_pwhistory.so password required pam_unix.so use_authtok In combination with pam_cracklib: #%PAM-1.0 password required pam_cracklib.so retry=3 password required pam_pwhistory.so use_authtok password required pam_unix.so use_authtok FILES
/etc/security/opasswd File with password history SEE ALSO
pam.conf(5), pam.d(5), pam(8) pam_get_authtok(3) AUTHOR
pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> Linux-PAM Manual 04/01/2010 PAM_PWHISTORY(8)
Man Page