PAM modules store data in PAM items. These items are only accessible from module context, not application context as they might include private data (PAM_AUTHTOK normally contains the password). But when testing PAM modules, it’s often nice to make sure a PAM module under test can retrieve data from the stack. The pam_set_items module makes this possible by reading environment variables and setting them as PAM items.
Module Types Provided
All module types (account, auth, password and session) are provided.
Consider an example that tests that pam_unix is able to read a provided password and doesn’t query on its own. The test service file would contain:
auth required pam_set_items.so auth required pam_unix.so
Then the test would put the item to the test environment with:
Then run the PAM conversation.