pam_get_items man page

pam_get_items — A PAM test module to retrieve module-specific PAM items




PAM modules store data in PAM items. These items are only accessible from module context, not application context as they might include private data (PAM_AUTHTOK normally contains the password). But when testing PAM modules, it’s often nice to make sure a PAM module under test sets items for the next module the way it’s supposed to. The pam_get_items module makes this possible by exporting all PAM items as environment variables using pam_putenv. The environment variable name is the same as the constant name of the PAM item.



Module Types Provided

All module types (account, auth, password and session) are provided.


Consider an example that tests that pam_unix puts the password it reads onto PAM stack. The test service file would contain:

auth required        pam_unix.so
auth required        pam_get_items.so

Then the test would run the PAM conversation and afterwards call:

pam_getenv(pamh, "PAM_AUTHTOK");

To retrieve the password.