1PAM_WRAPPER(1)                                                  PAM_WRAPPER(1)
2
3
4

NAME

6       pam_wrapper - A preloadable wrapper to test PAM applications and PAM
7       Modules
8

SYNOPSIS

10       LD_PRELOAD=libpam_wrapper.so PAM_WRAPPER=1
11       PAM_WRAPPER_SERVICE_DIR=/path_to_config ./myapplication
12

DESCRIPTION

14       This tool allows you to either test your PAM application or module. For
15       testing PAM applications we have written a simple PAM module called
16       pam_matrix (see below). If you plan to test a PAM module you can use
17       the pamtest library we have implemented. It simplifies testing of
18       modules. You can be combine it with the cmocka unit testing framework
19       or you can use the provided Python bindings to write tests for your
20       module in Python.
21

ENVIRONMENT VARIABLES

23       pam_wrapper is activated and controlled by environment variables. You
24       can set the following variables:
25
26       PAM_WRAPPER
27           If you load the pam_wrapper and enable it with setting
28           PAM_WRAPPER=1 all PAM calls will be wrapped so you are able to
29           specify a directory with the service files pam_wrapper should be
30           using.
31
32       PAM_WRAPPER_SERVICE_DIR
33           The directory to read PAM service files from.
34
35       If you want to use pam_matrix (see below) or want to test your own PAM
36       module you need to specify the absolute path to your module in the
37       service files.
38
39       PAM_WRAPPER_DEBUGLEVEL
40           If you need to see what is going on in pam_wrapper itself or try to
41           find a bug, you can enable logging support in pam_wrapper if you
42           built it with debug symbols.
43
44           ·   0 = ERROR
45
46           ·   1 = WARNING
47
48           ·   2 = DEBUG
49
50           ·   3 = TRACE
51
52       PAM_WRAPPER_USE_SYSLOG
53           By default pam logs will go to the pam_wrapper DEBUG log level and
54           will not be sent to the syslog. If you want to log to the syslog to
55           you can set this variable to 1.
56
57       PAM_WRAPPER_KEEP_DIR
58           If this option is set to 1, then pam_wrapper won’t delete its
59           temporary directories. Mostly useful for pam_wrapper development.
60

EXAMPLE

62       A service file for pam_wrapper should look like this:
63
64           auth            required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
65           account         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
66           password        required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
67           session         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
68
69       The name of the file should represent the service name used by your PAM
70       application.
71
72       LD_PRELOAD=./libpam_wrapper.so PAM_WRAPPER=1
73       PAM_WRAPPER_SERVICE_DIR=./pam_services ./my_pam_app
74

PAM_MATRIX

76       We offer a module to make testing of PAM applications easier. You find
77       more information in the pam_matrix(8) manpage.
78
79
80
81                                  2017-04-06                    PAM_WRAPPER(1)