1PAM-SCRIPT(7)          Miscellaneous Information Manual          PAM-SCRIPT(7)
2
3
4

NAME

6       pam-script - a PAM module that can invoke scripts within the PAM stack.
7
8

SYNOPSIS

10       pam-script.so [onerr=(success|fail)][dir=/some/path/]
11
12

DESCRIPTION

14       pam-script  allows  you to execute scripts during authorization, passwd
15       changes, and on session opening or closing.
16
17
18       Such scripts can perform necessary tasks or influence  the  outcome  of
19       the  PAM  stack.   For  example, if the following entry was included in
20       pam.conf
21         sshd    auth required  pam_script
22
23       then if the script, pam_script_auth, exits with a non-zero  value  this
24       would cause the user to be denied SSH access to the machine.
25
26

OPTIONS

28       A summary of options is included below.
29
30       onerr=(success|fail)
31              the  default  behavior if the module can not find or execute the
32              script.  The default is to fail if the option is not given.
33
34       dir=/some/path/
35              where to find the pam-scripts to invoke for each of the  various
36              module-types as described below.  The default is dir=/etc if not
37              given.
38
39              List of scripts
40
41       pam_script_auth
42              Executed under auth which handles the  authentication  stage  of
43              establishing  the  user  via some challenge-response (i.e. user‐
44              name/password)
45
46       pam_script_acct
47              invoked under account module-type for  non-authentication  based
48              account management.
49
50       pam_script_passwd
51              invoked under passwd for changing the password tokens.
52
53       pam_script_ses_open
54              invoked when a session is first opened.
55
56       pam_script_ses_close
57              run after a session is first closed.
58
59              All  the  scripts  will be passed several environment variables:
60              PAM_USER,  PAM_RUSER,   PAM_RHOST,   PAM_SERVICE,   PAM_AUTHTOK,
61              PAM_TTY,   and  PAM_TYPE  referring  to  the  module-type.   The
62              pam_script.so arguments in the pam.conf will be  passed  on  the
63              command line, which can be used to modify the script behavior.
64
65

FILES

67       /lib64/security/pam_script.so - the PAM module
68       /etc - where the scripts should be placed by default
69
70

VERSION

72       pam-script 1.1.8
73
74

SEE ALSO

76       PAM(7) and the PAM "The System Administrators' Guide"
77

AUTHOR

79       pam-script was written by Jeroen Nijhof <jeroen@jeroennijhof.nl>
80       with some additions and modifications by R.K. Owen, Ph.D. <rkowen@nersc.gov>.
81
82       This manual page was written by R.K. Owen <rkowen@nersc.gov>,
83       for the Debian project (but may be used by others).
84
85
86
87                                August 22, 2007                  PAM-SCRIPT(7)
Impressum