Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages
PAM_EXEC(8) FreeBSD System Manager's Manual PAM_EXEC(8)

Exec PAM module

[service-name] module-type control-flag pam_exec [arguments]

The exec service module for PAM executes the program designated by its first argument if no options are specified, with its remaining arguments as command-line arguments. If options are specified, the program and its arguments follow the last option or -- if the program name conflicts with an option name.

The following options may be passed before the program and its arguments:

Capture text printed by the program to its standard error stream and pass it to the conversation function as error messages. No attempt is made at buffering the text, so results may vary.
Capture text printed by the program to its standard output stream and pass it to the conversation function as informational messages. No attempt is made at buffering the text, so results may vary.
Ignored for compatibility reasons.
Ignored for compatibility reasons.
Use the program exit status as the return code of the pam_sm_* function. It must be a valid return value for this function.
Write the authentication token to the program's standard input stream, followed by a NUL character. Ignored for pam_sm_setcred().
If expose_authtok was specified, do not prompt for an authentication token if one is not already available.
Stop options parsing; program and its arguments follow.

The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3). In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_SM_FUNC, PAM_TTY and PAM_USER.

The PAM_SM_FUNC variable contains the name of the PAM service module function being called. It may be:

  • pam_sm_acct_mgmt
  • pam_sm_authenticate
  • pam_sm_chauthtok
  • pam_sm_close_session
  • pam_sm_open_session
  • pam_sm_setcred

If return_prog_exit_status is not set (default), the PAM_SM_FUNC function returns PAM_SUCCESS if the program exit status is 0, PAM_PERM_DENIED otherwise.

If return_prog_exit_status is set, the program exit status is used. It should be PAM_SUCCESS or one of the error codes allowed by the calling PAM_SM_FUNC function. The valid codes are documented in each function man page. If the exit status is not a valid return code, PAM_SERVICE_ERR is returned. Each valid codes numerical value is available as an environment variable (eg. PAM_SUCESS, PAM_USER_UNKNOWN, etc). This is useful in shell scripts for instance.

pam_get_item(3), pam.conf(5), pam(8), pam_sm_acct_mgmt(8), pam_sm_authenticate(8), pam_sm_chauthtok(8), pam_sm_close_session(8), pam_sm_open_session(8), pam_sm_setcred(8)

The pam_exec module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.
May 24, 2019 FreeBSD 13.1-RELEASE

Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.