PAM_WRAPPER(1) PAM_WRAPPER(1)

pam_wrapper - A preloadable wrapper to test PAM applications and PAM
Modules

    LD_PRELOAD=libpam_wrapper.so PAM_WRAPPER=1 PAM_WRAPPER_SERVICE_DIR=/path_to_config ./myapplication

This tool allows you to test either your PAM application or your PAM
module. For testing PAM applications we have written a simple PAM module
called pam_matrix (see below). If you plan to test a PAM module you can
use the pamtest library we have implemented. It simplifies testing of
modules. You can combine it with the cmocka unit testing framework, or
you can use the provided Python bindings to write tests for your module
in Python.

pam_wrapper is activated and controlled by environment variables. You
can set the following variables:

PAM_WRAPPER
    If you load pam_wrapper and enable it by setting PAM_WRAPPER=1,
    all PAM calls will be wrapped, so you are able to specify a
    directory with the service files pam_wrapper should be using.

PAM_WRAPPER_SERVICE_DIR
    The directory to read PAM service files from.

    If you want to use pam_matrix (see below) or want to test your own
    PAM module, you need to specify the absolute path to your module in
    the service files.

PAM_WRAPPER_DEBUGLEVEL
    If you need to see what is going on in pam_wrapper itself or are
    trying to find a bug, you can enable logging support in pam_wrapper
    if you built it with debug symbols.

    · 0 = ERROR

    · 1 = WARNING

    · 2 = DEBUG

    · 3 = TRACE

PAM_WRAPPER_USE_SYSLOG
    By default PAM logs will go to the pam_wrapper DEBUG log level and
    will not be sent to the syslog. If you also want to log to the
    syslog, you can set this variable to 1.

PAM_WRAPPER_KEEP_DIR
    If this option is set to 1, then pam_wrapper won't delete its
    temporary directories. Mostly useful for pam_wrapper development.

PAM_WRAPPER_DISABLE_DEEPBIND
    This allows you to disable deep binding in pam_wrapper. This is
    useful for running valgrind tools or sanitizers (address,
    undefined, thread).

A service file for pam_wrapper should look like this:

    auth required /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
    account required /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
    password required /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
    session required /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb

The name of the file should represent the service name used by your PAM
application.

    LD_PRELOAD=./libpam_wrapper.so PAM_WRAPPER=1 PAM_WRAPPER_SERVICE_DIR=./pam_services ./my_pam_app

We offer a module to make testing of PAM applications easier. You can
find more information in the pam_matrix(8) manpage.

The Samba Team
    Author.

2020-01-31 PAM_WRAPPER(1)