pam_matrix(8)

1PAM_MATRIX(8)                                                    PAM_MATRIX(8)
2
3
4

NAME

6       pam_matrix - A PAM test module to retrieve module-specific PAM items
7

SYNOPSIS

9       pam_matrix.so [...]
10

DESCRIPTION

12       Testing PAM application often requires to set up an authentication
13       backend with as little effort as possible. The pam_matrix module allows
14       to authenticate against a key-value text file, provided by an option or
15       with an environment variable.
16

IMPORTANT

18       pam_matrix is a test tool. It should be considered completely insecure
19       and never used outside test environments! As you’ll see when reading
20       description of the options and actions, many of them don’t make any
21       sense in the real world and were added just to make tests possible.
22

PASSWORD DATABASE

24       The pam_matrix module authenticates user against a plain-text CSV file.
25       The format of the file is as follows:
26
27           username:password:allowed_service
28
29       Example: User bob allowed to authenticate with the service sshd
30
31           bob:secret:sshd
32

OPTIONS

34       ·   passdb=/path/to/file - the patch to the password database. If the
35           database is not provided with this module option, pam_matrix.so
36           reads the PAM_MATRIX_PASSWD environment variable and tries to load
37           the file from there. If that fails as well, PAM_AUTHINFO_UNAVAIL is
38           returned.
39
40       ·   echo - if this option is provided, pam_matrix.so will ask for
41           password using PAM_PROMPT_ECHO_ON, that is, the password will be
42           echoed back to user. This option was added to make it possible to
43           test conversation functions better.
44
45       ·   verbose - if this option is provided, pam_matrix.so will display a
46           PAM_TEXT_INFO message when authentication succeeds and a
47           PAM_ERROR_MSG when authentication fails. This option was added to
48           make it possible to test conversation functions better.
49

MODULE TYPES PROVIDED

51       All module types (account, auth, password and session) are supported.
52
53       The auth module searches for the user in the passdb file and compares
54       the provided password with the one in the passdb file.
55
56       The password module is able to update the password in the passdb file.
57
58       The access module compares the service name the PAM conversation was
59       invoked with the allowed service for the user as set in the passdb
60       file.
61
62       The session module sets the HOMEDIR PAM environment variable to
63       "/home/%u" where %u stands for the user who opens the session. The
64       variable is unset on session close.
65

EXAMPLE

67           auth        required    pam_matrix.so passdb=/tmp/passdb verbose
68           account     required    pam_matrix.so passdb=/tmp/passdb verbose
69           password    required    pam_matrix.so passdb=/tmp/passdb verbose
70           session     required    pam_matrix.so passdb=/tmp/passdb verbose
71
72
73
74                                  2015-11-04                     PAM_MATRIX(8)