pam_set_items man page

pam_set_items — A PAM test module to set module-specific PAM items

Synopsis

pam_set_items.so

Description

PAM modules store data in PAM items. These items are only accessible from module context, not application context as they might include private data (PAM_AUTHTOK normally contains the password). But when testing PAM modules, it’s often nice to make sure a PAM module under test can retrieve data from the stack. The pam_set_items module makes this possible by reading environment variables and setting them as PAM items.

Options

None

Module Types Provided

All module types (account, auth, password and session) are provided.

Example

Consider an example that tests that pam_unix is able to read a provided password and doesn’t query on its own. The test service file would contain:

auth required        pam_set_items.so
auth required        pam_unix.so

Then the test would put the item to the test environment with:

setenv("PAM_AUTHTOK", "secret");

Then run the PAM conversation.

Info

2015-11-04