Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_filter(8) [suse man page]

PAM_FILTER(8)							 Linux-PAM Manual						     PAM_FILTER(8)

NAME

       pam_filter - PAM filter module

SYNOPSIS

       pam_filter.so [debug] [new_term] [non_term] run1|run2 filter [...]

DESCRIPTION

       This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application.
       It is only suitable for tty-based and (stdin/stdout) applications.

       To function this module requires filters to be installed on the system. The single filter provided with the module simply transposes upper
       and lower case letters in the input and output streams. (This can be very annoying and is not kind to termcap based editors).

       Each component of the module has the potential to invoke the desired filter. The filter is always execv(2) with the privilege of the
       calling application and not that of the user. For this reason it cannot usually be killed by the user without closing their session.

OPTIONS

       debug
	   Print debug information.

       new_term
	   The default action of the filter is to set the PAM_TTY item to indicate the terminal that the user is using to connect to the
	   application. This argument indicates that the filter should set PAM_TTY to the filtered pseudo-terminal.

       non_term
	   don't try to set the PAM_TTY item.

       runX
	   In order that the module can invoke a filter it should know when to invoke it. This argument is required to tell the filter when to do
	   this.

	   Permitted values for X are 1 and 2. These indicate the precise time that the filter is to be run. To understand this concept it will be
	   useful to have read the pam(3) manual page. Basically, for each management group there are up to two ways of calling the module's
	   functions. In the case of the authentication and session components there are actually two separate functions. For the case of
	   authentication, these functions are pam_authenticate(3) and pam_setcred(3), here run1 means run the filter from the pam_authenticate
	   function and run2 means run the filter from pam_setcred. In the case of the session modules, run1 implies that the filter is invoked at
	   the pam_open_session(3) stage, and run2 for pam_close_session(3).

	   For the case of the account component. Either run1 or run2 may be used.

	   For the case of the password component, run1 is used to indicate that the filter is run on the first occasion of pam_chauthtok(3) (the
	   PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run on the second occasion (the PAM_UPDATE_AUTHTOK phase).

       filter
	   The full pathname of the filter to be run and any command line arguments that the filter might expect.

MODULE TYPES PROVIDED

       All module types (auth, account, password and session) are provided.

RETURN VALUES

       PAM_SUCCESS
	   The new filter was set successfully.

       PAM_ABORT
	   Critical error, immediate abort.

EXAMPLES

       Add the following line to /etc/pam.d/login to see how to configure login to transpose upper and lower case letters once the user has logged
       in:

		   session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER

SEE ALSO

       pam.conf(5), pam.d(5), pam(8)

AUTHOR

       pam_filter was written by Andrew G. Morgan <morgan@kernel.org>.

Linux-PAM Manual						    04/01/2010							     PAM_FILTER(8)

Check Out this Related Man Page

PAM-SCRIPT(7)						 Miscellaneous Information Manual					     PAM-SCRIPT(7)

NAME

       pam-script - a PAM module that can invoke scripts within the PAM stack.

SYNOPSIS

       pam-script.so [onerr=(success|fail)][dir=/some/path/]

DESCRIPTION

       pam-script allows you to execute scripts during authorization, passwd changes, and on session opening or closing.

       Such  scripts  can  perform necessary tasks or influence the outcome of the PAM stack.  For example, if the following entry was included in
       pam.conf
	 sshd	 auth required	pam_script

       then if the script, pam_script_auth, exits with a non-zero value this would cause the user to be denied SSH access to the machine.

OPTIONS

       A summary of options is included below.

       onerr=(success|fail)
	      the default behavior if the module can not find or execute the script.  The default is to fail if the option is not given.

       dir=/some/path/
	      where to find the pam-scripts to invoke for each of the various module-types as described below.	The default is dir=/usr/share/lib-
	      pam-script if not given.

	      List of scripts

       pam_script_auth
	      Executed under auth which handles the authentication stage of establishing the user via some challenge-response (i.e. username/pass-
	      word)

       pam_script_acct
	      invoked under account module-type for non-authentication based account management.

       pam_script_passwd
	      invoked under passwd for changing the password tokens.

       pam_script_ses_open
	      invoked when a session is first opened.

       pam_script_ses_close
	      run after a session is first closed.

	      All the scripts will be passed several environment variables: PAM_USER, PAM_RUSER, PAM_RHOST, PAM_SERVICE, PAM_AUTHTOK, PAM_TTY, and
	      PAM_TYPE referring to the module-type.  The pam_script.so arguments in the pam.conf will be passed on the command line, which can be
	      used to modify the script behavior.

FILES

       /lib/security/pam_script.so - the PAM module
       /usr/share/libpam-script - where the scripts should be placed by default

VERSION

       pam-script 1.1.5

SEE ALSO

       PAM(7) and the PAM "The System Administrators' Guide"

AUTHOR

       pam-script was written by Jeroen Nijhof <jeroen@jeroennijhof.nl>
       with some additions and modifications by R.K. Owen, Ph.D. <rkowen@nersc.gov>.

       This manual page was written by R.K. Owen <rkowen@nersc.gov>,
       for the Debian project (but may be used by others).

								  August 22, 2007						     PAM-SCRIPT(7)
Man Page