Visit The New, Modern Unix Linux Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #136
Difficulty: Easy
The IEEE named Linus Torvalds as the recipient of the IEEE Computer Society's Computer Pioneer Award in 2014.
True or False?
Linux & Unix Commands - Search Man Pages

pam_filter(8) [linux man page]

PAM_FILTER(8)							 Linux-PAM Manual						     PAM_FILTER(8)

NAME
pam_filter - PAM filter module SYNOPSIS
pam_filter.so [debug] [new_term] [non_term] run1|run2 filter [...] DESCRIPTION
This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application. It is only suitable for tty-based and (stdin/stdout) applications. To function this module requires filters to be installed on the system. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams. (This can be very annoying and is not kind to termcap based editors). Each component of the module has the potential to invoke the desired filter. The filter is always execv(2) with the privilege of the calling application and not that of the user. For this reason it cannot usually be killed by the user without closing their session. OPTIONS
debug Print debug information. new_term The default action of the filter is to set the PAM_TTY item to indicate the terminal that the user is using to connect to the application. This argument indicates that the filter should set PAM_TTY to the filtered pseudo-terminal. non_term don't try to set the PAM_TTY item. runX In order that the module can invoke a filter it should know when to invoke it. This argument is required to tell the filter when to do this. Permitted values for X are 1 and 2. These indicate the precise time that the filter is to be run. To understand this concept it will be useful to have read the pam(3) manual page. Basically, for each management group there are up to two ways of calling the module's functions. In the case of the authentication and session components there are actually two separate functions. For the case of authentication, these functions are pam_authenticate(3) and pam_setcred(3), here run1 means run the filter from the pam_authenticate function and run2 means run the filter from pam_setcred. In the case of the session modules, run1 implies that the filter is invoked at the pam_open_session(3) stage, and run2 for pam_close_session(3). For the case of the account component. Either run1 or run2 may be used. For the case of the password component, run1 is used to indicate that the filter is run on the first occasion of pam_chauthtok(3) (the PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run on the second occasion (the PAM_UPDATE_AUTHTOK phase). filter The full pathname of the filter to be run and any command line arguments that the filter might expect. MODULE TYPES PROVIDED
All module types (auth, account, password and session) are provided. RETURN VALUES
PAM_SUCCESS The new filter was set successfully. PAM_ABORT Critical error, immediate abort. EXAMPLES
Add the following line to /etc/pam.d/login to see how to configure login to transpose upper and lower case letters once the user has logged in: session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER SEE ALSO
pam.conf(5), pam.d(5), pam(7) AUTHOR
pam_filter was written by Andrew G. Morgan <morgan@kernel.org>. Linux-PAM Manual 06/04/2011 PAM_FILTER(8)

Check Out this Related Man Page

PAM_EXEC(8)							 Linux-PAM Manual						       PAM_EXEC(8)

NAME
pam_exec - PAM module which calls an external command SYNOPSIS
pam_exec.so [debug] [expose_authtok] [seteuid] [quiet] [stdout] [log=file] [type=type] command [...] DESCRIPTION
pam_exec is a PAM module that can be used to run an external command. The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3) In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and PAM_TYPE, which contains one of the module types: account, auth, password, open_session and close_session. Commands called by pam_exec need to be aware of that the user can have controll over the environment. OPTIONS
debug Print debug information. expose_authtok During authentication the calling command can read the password from stdin(3). log=file The output of the command is appended to file type=type Only run the command if the module type matches the given type. stdout Per default the output of the executed command is written to /dev/null. With this option, the stdout output of the executed command is redirected to the calling application. It's in the responsibility of this application what happens with the output. The log option is ignored. quiet Per default pam_exec.so will echo the exit status of the external command if it fails. Specifying this option will suppress the message. seteuid Per default pam_exec.so will execute the external command with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID. MODULE TYPES PROVIDED
All module types (auth, account, password and session) are provided. RETURN VALUES
PAM_SUCCESS The external command was run successfully. PAM_SERVICE_ERR No argument or a wrong number of arguments were given. PAM_SYSTEM_ERR A system error occurred or the command to execute failed. PAM_IGNORE pam_setcred was called, which does not execute the command. Or, the value given for the type= parameter did not match the module type. EXAMPLES
Add the following line to /etc/pam.d/passwd to rebuild the NIS database after each local password change: password optional pam_exec.so seteuid /usr/bin/make -C /var/yp This will execute the command make -C /var/yp with effective user ID. SEE ALSO
pam.conf(5), pam.d(5), pam(8) AUTHOR
pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and Josh Triplett <josh@joshtriplett.org>. Linux-PAM Manual 09/19/2013 PAM_EXEC(8)

Featured Tech Videos