noble (7) pam-script.7.gz

Provided by: libpam-script_1.1.9-6_amd64 bug

NAME
       pam-script - a PAM module that can invoke scripts within the PAM stack.


SYNOPSIS
       pam-script.so [onerr=(success|fail)][dir=/some/path/]


DESCRIPTION
       pam-script  allows you to execute scripts during authorization, passwd changes, and on session opening or
       closing.

       Such scripts can perform necessary tasks or influence the outcome of the PAM stack.  For example, if  the
       following entry was included in pam.conf
         sshd    auth required  pam_script

       then  if  the script, pam_script_auth, exits with a non-zero value this would cause the user to be denied
       SSH access to the machine.


OPTIONS
       A summary of options is included below.

       onerr=(success|fail)
              the default behavior if the module can not find or execute the script.  The default is to fail  if
              the option is not given.

       dir=/some/path/
              where  to  find the pam-scripts to invoke for each of the various module-types as described below.
              The default is dir=/usr/share/libpam-script if not given.

              List of scripts

       pam_script_auth
              Executed under auth which handles the authentication stage  of  establishing  the  user  via  some
              challenge-response (i.e. username/password)

       pam_script_acct
              invoked under account module-type for non-authentication based account management.

       pam_script_passwd
              invoked under passwd for changing the password tokens.

       pam_script_ses_open
              invoked when a session is first opened.

       pam_script_ses_close
              run after a session is first closed.

              All  the  scripts  will  be  passed several environment variables: PAM_USER, PAM_RUSER, PAM_RHOST,
              PAM_SERVICE, PAM_AUTHTOK, PAM_TTY, and PAM_TYPE referring to the module-type.   The  pam_script.so
              arguments  in  the  pam.conf  will  be passed on the command line, which can be used to modify the
              script behavior.


FILES
       /usr/lib/x86_64-linux-gnu/security/pam_script.so - the PAM module
       /usr/share/libpam-script - where the scripts should be placed by default


VERSION
       pam-script 1.1.8


SEE ALSO
       PAM(7) and the PAM "The System Administrators' Guide"


AUTHOR
       pam-script was written by Jeroen Nijhof <jeroen@jeroennijhof.nl>
       with some additions and modifications by R.K. Owen, Ph.D. <rkowen@nersc.gov>.

       This manual page was written by R.K. Owen <rkowen@nersc.gov>,
       for the Debian project (but may be used by others).

                                                 August 22, 2007                                   PAM-SCRIPT(7)