lunar (1) pam_wrapper.1.gz

Provided by: libpam-wrapper_1.1.4-1build2_amd64 bug

NAME

       pam_wrapper - A preloadable wrapper to test PAM applications and PAM Modules

SYNOPSIS

       LD_PRELOAD=libpam_wrapper.so PAM_WRAPPER=1 PAM_WRAPPER_SERVICE_DIR=/path_to_config
       ./myapplication

DESCRIPTION

       This tool allows you to either test your PAM application or module. For testing PAM
       applications we have written a simple PAM module called pam_matrix (see below). If you
       plan to test a PAM module you can use the pamtest library we have implemented. It
       simplifies testing of modules. You can be combine it with the cmocka unit testing
       framework or you can use the provided Python bindings to write tests for your module in
       Python.

ENVIRONMENT VARIABLES

       pam_wrapper is activated and controlled by environment variables. You can set the
       following variables:

       PAM_WRAPPER
           If you load the pam_wrapper and enable it with setting PAM_WRAPPER=1 all PAM calls
           will be wrapped so you are able to specify a directory with the service files
           pam_wrapper should be using.

       PAM_WRAPPER_SERVICE_DIR
           The directory to read PAM service files from.

       If you want to use pam_matrix (see below) or want to test your own PAM module you need to
       specify the absolute path to your module in the service files.

       PAM_WRAPPER_DEBUGLEVEL
           If you need to see what is going on in pam_wrapper itself or try to find a bug, you
           can enable logging support in pam_wrapper if you built it with debug symbols.

           •   0 = ERROR

           •   1 = WARNING

           •   2 = DEBUG

           •   3 = TRACE

       PAM_WRAPPER_USE_SYSLOG
           By default pam logs will go to the pam_wrapper DEBUG log level and will not be sent to
           the syslog. If you want to log to the syslog to you can set this variable to 1.

       PAM_WRAPPER_KEEP_DIR
           If this option is set to 1, then pam_wrapper won’t delete its temporary directories.
           Mostly useful for pam_wrapper development.

       PAM_WRAPPER_DISABLE_DEEPBIND
           This allows you to disable deep binding in pam_wrapper. This is useful for running
           valgrind tools or sanitizers like (address, undefined, thread).

EXAMPLE

       A service file for pam_wrapper should look like this:

           auth            required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
           account         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
           password        required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
           session         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb

       The name of the file should represent the service name used by your PAM application.

       LD_PRELOAD=./libpam_wrapper.so PAM_WRAPPER=1 PAM_WRAPPER_SERVICE_DIR=./pam_services
       ./my_pam_app

PAM_MATRIX

       We offer a module to make testing of PAM applications easier. You find more information in
       the pam_matrix(8) manpage.

AUTHOR

       The Samba Team
           Author.

                                            2020-01-31                             PAM_WRAPPER(1)