Skip to content
/ pam-exec2 Public

PAM module to execute external binaries and scripts, based on pam_exec

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RobinMcCorkell/pam-exec2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
m4
m4
 
 
src
src
 
 
AUTHORS
AUTHORS
 
 
COPYING
COPYING
 
 
INSTALL
INSTALL
 
 
Makefile.am
Makefile.am
 
 
NEWS
NEWS
 
 
README
README
 
 
autogen.sh
autogen.sh
 
 
configure.ac
configure.ac
 
 

Repository files navigation

pam-exec2
Version 0.5

 Copyright (C) 2013 Robin McCorkell
 This file is part of pam-exec2.

 pam-exec2 is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 pam-exec2 is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU Lesser General Public License for more details.

 You should have received a copy of the GNU Lesser General Public License
 along with pam-exec2.  If not, see <http://www.gnu.org/licenses/>.

A PAM module, based on pam_exec, to execute external binaries or scripts in a
safe environment. This module provides the ability to pipe stdout and stderr
to a logfile; set the UID and GID of the process to the target user; set the
UID of the process to the EUID it is running as.

The external process will have the following environment variables, along with
the standard ones provided by the PAM stack:
 * PAM_USER    - target user
 * PAM_SERVICE - service running the PAM stack
 * PAM_TTY     - TTY in use
 * PAM_RHOST   - remote host calling the PAM stack
 * PAM_RUSER   - remote user
 * PAM_TYPE    - 'auth', 'account', 'password', 'open_session' or
                 'close_session' depending on the PAM invocation

Usage:
 pam_exec2.so [options] /path/to/executable [args]

Options:
 * debug     - send debug information to syslog
 * quiet     - no output to application
 * drop_priv - set UID and GID to target user (PAM_USER)
 * seteuid   - set UID to EUID of calling process
 * syslog    - redirect stdout and stderr to syslog (LOG_AUTHPRIV):
               stdout as LOG_NOTICE, stderr as LOG_ERR
 * once      - use pam-once to limit execution to first open_session and last
               close_session of a user - only applicable for session type
 * type=...  - only execute if PAM_TYPE matches ...
 * log=...   - redirect stdout and stderr to ...

drop_priv and seteuid are mutually exclusive, as are syslog and log=...

Contact:
 Robin McCorkell <rmccorkell@karoshi.org.uk>

See INSTALL for instructions on how to install this program. For preparing a
release, run ./autogen.sh to generate the required files.

All source files are contained in the src directory. Additional macros used in
configure.ac are stored in the m4 directory.

About

PAM module to execute external binaries and scripts, based on pam_exec

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages