Login or Register to Ask a Question and Join Our Community


Read-only env variable in PAM module


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Read-only env variable in PAM module
# 1  
Old 08-15-2013
Read-only env variable in PAM module

Hi guys, does anybody know how to set/create read-only environment variable inside PAM module? I've written my own pam authentication module and I'd need to pass some information to user application started by user after user has been logged to the system and user should not be allowed to change this information. I know that it is possible to set read only variable in shell using 'declare -r var' and I would need to achieve the similar functionality but inside pam module. I tred to use pam_misc_setenv() function but it does not have the possibility to set read only variable.

Thanks and regards,
Joaquin
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Treat value of variable as env variable

Hi All, I have a requirement where I have a config file, which contains 2 coulmn.values of first column are environmnet variable, whose value is defined in an environment file. In my script I need to read the config file, and get the value of the config file variable from env file. I... (2 Replies)
Discussion started by: alok2082
2 Replies

2. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

3. Red Hat

PAM module pam_passwdqc module

Hello friends Today i have changed my passwd policy for strong password Everything is working correctly but when i changed my password , it did not ask me my old password my /etc/pam.d/system-auth file is (only passwdqc.so module line) password required pam_passwdqc.so retry=3... (0 Replies)
Discussion started by: rink
0 Replies

4. Web Development

Deny from env=env-variable Does not work

(Above from Apache docs). On my system, using: SetEnvIf User-Agent Mozilla IsBad=1 Order allow,deny Allow from all Deny from env=IsBad ...I see that environment variable is set (using phpinfo()) but the page is still served. No errors in the Apache logs. (1 Reply)
Discussion started by: gnurob
1 Replies

5. Shell Programming and Scripting

Read env variables from argument file

Hi, I have a generic shell script (runBatchJob.sh) to read files (batchJob) with commands in them and execute the commands by reading the batchJob file as below ./runBatchJob.sh batchJob batchJob file $BATCHDIR/execute_procedure.sh $DATADIR/collectData.sh $OTHER_ENV_VAR/doSomething.sh ... (10 Replies)
Discussion started by: bOngY
10 Replies

6. Red Hat

PAM -- module key_init.so

Hello, I'm now analysing the working of PAM. PAM works with config-files, that you can find under the directory /etc/pam.d. One of those config.-files is the file: login.conf. ------------------------------------------------------------------------------------------------------ #... (0 Replies)
Discussion started by: caroline
0 Replies

7. Solaris

Pam Module sending a cannot get password enry after certain period in /var/adm/messag

Pam Module sending a cannot get password enry after certain period in /var/adm/message. pam_login_limit(auth): Cannot get Password entry for user 'dbsnmp' What is dbsnmp? Also if account is locked does pam module checks for this locked account at regular interval and keeps on posting... (2 Replies)
Discussion started by: student2009
2 Replies

8. Solaris

Soalris 10 PAM Radius authentication Module

Hello Group, I'm facing Problem with the configuration of "***pam_radius_auth.so.1***" module to be integrated with Freeradius and Funk Steel Belted Radius. Both this radius servers are able to make "Access-Accept" packet. But the SSH or Telnet client is not able to login to the system with the... (0 Replies)
Discussion started by: ImpeccableCode
0 Replies

9. Solaris

pam module quesion

quick question about PAM module. Here may pam.conf file. How do I verify that pam modules work correctly? Does it mean when it run cron job, it checks the pam module for authentication? Thanks in advance. # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit... (0 Replies)
Discussion started by: mokkan
0 Replies

10. Solaris

Custom pam module

Does anyone know how to create a custom pam module for modifying the login authentication procedure? (1 Reply)
Discussion started by: mhm4
1 Replies
Login or Register to Ask a Question
pam_ldap(8)						      System Manager's Manual						       pam_ldap(8)

NAME
pam_ldap - PAM module for LDAP-based authentication SYNOPSIS
pam_ldap.so [...] DESCRIPTION
This is a PAM module that uses an LDAP server to verify user access rights and credentials. OPTIONS
use_first_pass Specifies that the PAM module should use the first password provided in the authentication stack and not prompt the user for a pass- word. try_first_pass Specifies that the PAM module should use the first password provided in the authentication stack and if that fails prompt the user for a password. nullok Specifying this option allows users to log in with a blank password. Normally logins without a password are denied. ignore_unknown_user Specifies that the PAM module should return PAM_IGNORE for users that are not present in the LDAP directory. This causes the PAM framework to ignore this module. ignore_authinfo_unavail Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server. This causes the PAM framework to ig- nore this module. no_warn Specifies that warning messages should not be propagated to the PAM application. use_authtok This causes the PAM module to use the earlier provided password when changing the password. The module will not prompt the user for a new password (it is analogous to use_first_pass). debug This option causes the PAM module to log debugging information to syslog(3). minimum_uid=UID This option causes the PAM module to ignore the user if the user id is lower than the specified value. This can be used to bypass LDAP checks for system users (e.g. by setting it to 1000). MODULE SERVICES PROVIDED
All services are provided by this module but currently sessions changes are not implemented in the nslcd daemon. FILES
/etc/pam.conf the main PAM configuration file /etc/nslcd.conf The configuration file for the nslcd daemon (see nslcd.conf(5)) SEE ALSO
pam.conf(5), nslcd(8), nslcd.conf(5) AUTHOR
This manual was written by Arthur de Jong <arthur@arthurdejong.org>. Version 0.8.10 Jun 2012 pam_ldap(8)

Featured Tech Videos