1 <?xml version="1.0" encoding='UTF-8'?>
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
5 <refentry id="pam_exec">
8 <refentrytitle>pam_exec</refentrytitle>
9 <manvolnum>8</manvolnum>
10 <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
13 <refnamediv id="pam_exec-name">
14 <refname>pam_exec</refname>
15 <refpurpose>PAM module which calls an external command</refpurpose>
19 <cmdsynopsis id="pam_exec-cmdsynopsis">
20 <command>pam_exec.so</command>
34 log=<replaceable>file</replaceable>
37 <replaceable>command</replaceable>
40 <replaceable>...</replaceable>
45 <refsect1 id="pam_exec-description">
47 <title>DESCRIPTION</title>
50 pam_exec is a PAM module that can be used to run
55 The child's environment is set to the current PAM environment list, as
58 <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
60 In addition, the following PAM items are
61 exported as environment variables: <emphasis>PAM_RHOST</emphasis>,
62 <emphasis>PAM_RUSER</emphasis>, <emphasis>PAM_SERVICE</emphasis>,
63 <emphasis>PAM_TTY</emphasis>, <emphasis>PAM_USER</emphasis> and
64 <emphasis>PAM_TYPE</emphasis>, which contains one of the module
65 types: <option>account</option>, <option>auth</option>,
66 <option>password</option>, <option>open_session</option> and
67 <option>close_session</option>.
71 Commands called by pam_exec need to be aware of that the user
72 can have controll over the environment.
77 <refsect1 id="pam_exec-options">
79 <title>OPTIONS</title>
85 <option>debug</option>
89 Print debug information.
96 <option>expose_authtok</option>
100 During authentication the calling command can read
101 the password from <citerefentry>
102 <refentrytitle>stdin</refentrytitle><manvolnum>3</manvolnum>
110 <option>log=<replaceable>file</replaceable></option>
114 The output of the command is appended to
115 <filename>file</filename>
122 <option>quiet</option>
126 Per default pam_exec.so will echo the exit status of the
127 external command if it fails.
128 Specifying this option will suppress the message.
135 <option>seteuid</option>
139 Per default pam_exec.so will execute the external command
140 with the real user ID of the calling process.
141 Specifying this option means the command is run
142 with the effective user ID.
152 <refsect1 id="pam_exec-types">
153 <title>MODULE TYPES PROVIDED</title>
155 All module types (<option>auth</option>, <option>account</option>,
156 <option>password</option> and <option>session</option>) are provided.
160 <refsect1 id='pam_exec-return_values'>
161 <title>RETURN VALUES</title>
166 <term>PAM_SUCCESS</term>
169 The external command was run successfully.
175 <term>PAM_SERVICE_ERR</term>
178 No argument or a wrong number of arguments were given.
184 <term>PAM_SYSTEM_ERR</term>
187 A system error occurred or the command to execute failed.
193 <term>PAM_IGNORE</term>
196 <function>pam_setcred</function> was called, which
197 does not execute the command.
206 <refsect1 id='pam_exec-examples'>
207 <title>EXAMPLES</title>
209 Add the following line to <filename>/etc/pam.d/passwd</filename> to
210 rebuild the NIS database after each local password change:
212 password optional pam_exec.so seteuid /usr/bin/make -C /var/yp
215 This will execute the command
216 <programlisting>make -C /var/yp</programlisting>
217 with effective user ID.
221 <refsect1 id='pam_exec-see_also'>
222 <title>SEE ALSO</title>
225 <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
228 <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
231 <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
236 <refsect1 id='pam_exec-author'>
237 <title>AUTHOR</title>
239 pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de>.