|Use the program exit status as the return code of the pam_sm_* function. It must be a valid return value for this function.|
|--||Stop options parsing; program and its arguments follow.|
The childs environment is set to the current PAM environment list, as returned by pam_getenvlist(3). In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_SM_FUNC, PAM_TTY and PAM_USER.
The PAM_SM_FUNC variable contains the name of the PAM service module function being called. It may be:
If return_prog_exit_status is not set (default), the PAM_SM_FUNC function returns PAM_SUCCESS if the program exit status is 0, PAM_PERM_DENIED otherwise.
If return_prog_exit_status is set, the program exit status is used. It should be PAM_SUCCESS or one of the error codes allowed by the calling PAM_SM_FUNC function. The valid codes are documented in each function man page. If the exit status is not a valid return code, PAM_SERVICE_ERR is returned. Each valid codes numerical value is available as an environment variable (eg. PAM_SUCESS, PAM_USER_UNKNOWN, etc). This is useful in shell scripts for instance.
pam_get_item(3), pam.conf(5), pam(8), pam_sm_acct_mgmt(8), pam_sm_authenticate(8), pam_sm_chauthtok(8), pam_sm_close_session(8), pam_sm_open_session(8), pam_sm_setcred(8)
The pam_exec module and this manual page were developed for the
.Fx Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.