1PAM_FILTER(8)                  Linux-PAM Manual                  PAM_FILTER(8)
2
3
4

NAME

6       pam_filter - PAM filter module
7

SYNOPSIS

9       pam_filter.so [debug] [new_term] [non_term] run1|run2 filter [...]
10

DESCRIPTION

12       This module is intended to be a platform for providing access to all of
13       the input/output that passes between the user and the application. It
14       is only suitable for tty-based and (stdin/stdout) applications.
15
16       To function this module requires filters to be installed on the system.
17       The single filter provided with the module simply transposes upper and
18       lower case letters in the input and output streams. (This can be very
19       annoying and is not kind to termcap based editors).
20
21       Each component of the module has the potential to invoke the desired
22       filter. The filter is always execv(2) with the privilege of the calling
23       application and not that of the user. For this reason it cannot usually
24       be killed by the user without closing their session.
25

OPTIONS

27       debug
28          Print debug information.
29
30       new_term
31          The default action of the filter is to set the PAM_TTY item to
32          indicate the terminal that the user is using to connect to the
33          application. This argument indicates that the filter should set
34          PAM_TTY to the filtered pseudo-terminal.
35
36       non_term
37          don't try to set the PAM_TTY item.
38
39       runX
40          In order that the module can invoke a filter it should know when to
41          invoke it. This argument is required to tell the filter when to do
42          this.
43
44          Permitted values for X are 1 and 2. These indicate the precise time
45          that the filter is to be run. To understand this concept it will be
46          useful to have read the pam(3) manual page. Basically, for each
47          management group there are up to two ways of calling the module's
48          functions. In the case of the authentication and session components
49          there are actually two separate functions. For the case of
50          authentication, these functions are pam_authenticate(3) and
51          pam_setcred(3), here run1 means run the filter from the
52          pam_authenticate function and run2 means run the filter from
53          pam_setcred. In the case of the session modules, run1 implies that
54          the filter is invoked at the pam_open_session(3) stage, and run2 for
55          pam_close_session(3).
56
57          For the case of the account component. Either run1 or run2 may be
58          used.
59
60          For the case of the password component, run1 is used to indicate
61          that the filter is run on the first occasion of pam_chauthtok(3)
62          (the PAM_PRELIM_CHECK phase) and run2 is used to indicate that the
63          filter is run on the second occasion (the PAM_UPDATE_AUTHTOK phase).
64
65       filter
66          The full pathname of the filter to be run and any command line
67          arguments that the filter might expect.
68

MODULE SERVICES PROVIDED

70       The services auth, account, password and session are supported.
71

RETURN VALUES

73       PAM_SUCCESS
74          The new filter was set successfull.
75
76       PAM_ABORT
77          Critical error, immediate abort.
78

EXAMPLES

80       Add the following line to /etc/pam.d/login to see how to configure
81       login to transpose upper and lower case letters once the user has
82       logged in:
83
84                  session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER
85
86
87

SEE ALSO

89       pam.conf(5), pam.d(8), pam(8)
90

AUTHOR

92       pam_filter was written by Andrew G. Morgan <morgan@kernel.org>.
93
94
95
96Linux-PAM Manual                  06/09/2006                     PAM_FILTER(8)
Impressum