1PAM_WRAPPER(1)                                                  PAM_WRAPPER(1)
2
3
4

NAME

6       pam_wrapper - A preloadable wrapper to test PAM applications and PAM
7       Modules
8

SYNOPSIS

10       LD_PRELOAD=libpam_wrapper.so PAM_WRAPPER=1
11       PAM_WRAPPER_SERVICE_DIR=/path_to_config ./myapplication
12

DESCRIPTION

14       This tool allows you to either test your PAM application or module. For
15       testing PAM applications we have written a simple PAM module called
16       pam_matrix (see below). If you plan to test a PAM module you can use
17       the pamtest library we have implemented. It simplifies testing of
18       modules. You can be combine it with the cmocka unit testing framework
19       or you can use the provided Python bindings to write tests for your
20       module in Python.
21

ENVIRONMENT VARIABLES

23       pam_wrapper is activated and controlled by environment variables. You
24       can set the following variables:
25
26       PAM_WRAPPER
27           If you load the pam_wrapper and enable it with setting
28           PAM_WRAPPER=1 all PAM calls will be wrapped so you are able to
29           specify a directory with the service files pam_wrapper should be
30           using.
31
32       PAM_WRAPPER_SERVICE_DIR
33           The directory to read PAM service files from.
34
35       If you want to use pam_matrix (see below) or want to test your own PAM
36       module you need to specify the absolute path to your module in the
37       service files.
38
39       PAM_WRAPPER_DEBUGLEVEL
40           If you need to see what is going on in pam_wrapper itself or try to
41           find a bug, you can enable logging support in pam_wrapper if you
42           built it with debug symbols.
43
44           ·   0 = ERROR
45
46           ·   1 = WARNING
47
48           ·   2 = DEBUG
49
50           ·   3 = TRACE
51
52       PAM_WRAPPER_USE_SYSLOG
53           By default pam logs will go to the pam_wrapper DEBUG log level and
54           will not be sent to the syslog. If you want to log to the syslog to
55           you can set this variable to 1.
56
57       PAM_WRAPPER_KEEP_DIR
58           If this option is set to 1, then pam_wrapper won’t delete its
59           temporary directories. Mostly useful for pam_wrapper development.
60
61       PAM_WRAPPER_DISABLE_DEEPBIND
62           This allows you to disable deep binding in pam_wrapper. This is
63           useful for running valgrind tools or sanitizers like (address,
64           undefined, thread).
65

EXAMPLE

67       A service file for pam_wrapper should look like this:
68
69           auth            required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
70           account         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
71           password        required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
72           session         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
73
74       The name of the file should represent the service name used by your PAM
75       application.
76
77       LD_PRELOAD=./libpam_wrapper.so PAM_WRAPPER=1
78       PAM_WRAPPER_SERVICE_DIR=./pam_services ./my_pam_app
79

PAM_MATRIX

81       We offer a module to make testing of PAM applications easier. You find
82       more information in the pam_matrix(8) manpage.
83

AUTHOR

85       The Samba Team
86           Author.
87
88
89
90                                  2020-01-31                    PAM_WRAPPER(1)
Impressum