pam_set_items - Man Page

A PAM test module to set module-specific PAM items



PAM modules store data in PAM items. These items are only accessible from module context, not application context as they might include private data (PAM_AUTHTOK normally contains the password). But when testing PAM modules, it’s often nice to make sure a PAM module under test can retrieve data from the stack. The pam_set_items module makes this possible by reading environment variables and setting them as PAM items.



Module Types Provided

All module types (account, auth, password and session) are provided.


Consider an example that tests that pam_unix is able to read a provided password and doesn’t query on its own. The test service file would contain:

auth required
auth required

Then the test would put the item to the test environment with:

setenv("PAM_AUTHTOK", "secret");

Then run the PAM conversation.