Manual Pages  — PAM_EXEC

NAME

pam_exec – Exec PAM module

SYNOPSIS

[service-name] module-type control-flag pam_exec [arguments]

DESCRIPTION

The exec service module for PAM executes the program designated by its first argument if no options are specified, with its remaining arguments as command-line arguments. If options are specified, the program and its arguments follow the last option or -- if the program name conflicts with an option name.

The following options may be passed before the program and its arguments:
capture_stderr
  Capture text printed by the program to its standard error stream and pass it to the conversation function as error messages. No attempt is made at buffering the text, so results may vary.
capture_stdout
  Capture text printed by the program to its standard output stream and pass it to the conversation function as informational messages. No attempt is made at buffering the text, so results may vary.
debug
  Ignored for compatibility reasons.
no_warn
  Ignored for compatibility reasons.
return_prog_exit_status
  Use the program exit status as the return code of the pam_sm_* function. It must be a valid return value for this function.
expose_authtok
  Write the authentication token to the program's standard input stream, followed by a NUL character. Ignored for pam_sm_setcred().
use_first_pass
  If expose_authtok was specified, do not prompt for an authentication token if one is not already available.
--
  Stop options parsing; program and its arguments follow.

The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3). In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_SM_FUNC, PAM_TTY and PAM_USER.

The PAM_SM_FUNC variable contains the name of the PAM service module function being called. It may be:
pam_sm_acct_mgmt
pam_sm_authenticate
pam_sm_chauthtok
pam_sm_close_session
pam_sm_open_session
pam_sm_setcred

If return_prog_exit_status is not set (default), the PAM_SM_FUNC function returns PAM_SUCCESS if the program exit status is 0, PAM_PERM_DENIED otherwise.

If return_prog_exit_status is set, the program exit status is used. It should be PAM_SUCCESS or one of the error codes allowed by the calling PAM_SM_FUNC function. The valid codes are documented in each function's man page. If the exit status is not a valid return code, PAM_SERVICE_ERR is returned. Each valid code's numerical value is available as an environment variable (e.g. PAM_SUCCESS, PAM_USER_UNKNOWN, etc.). This is useful in shell scripts, for instance.
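The return-code handling described above, as an added example that is not part of the original manual page: an account-phase hook that exits with the exported PAM code values and fails closed when it is attached to any other module function. The policy line, script path and allow-list file are hypothetical.

```shell
#!/bin/sh
# Added example, not from the pam_exec manual page.
# Assumed policy line (script path is hypothetical):
#   account required pam_exec return_prog_exit_status /usr/local/libexec/acct_allow.sh

# Hypothetical allow-list: one login name per line.
ALLOW_FILE="${ALLOW_FILE:-/usr/local/etc/acct_allow.list}"

# Print the numeric PAM code this hook should exit with.
pam_decide() {
    # pam_exec exports each code's numeric value. The fallbacks keep the
    # default-mode meaning (0 = PAM_SUCCESS, non-zero = PAM_PERM_DENIED)
    # if the script is run without return_prog_exit_status.
    ok="${PAM_SUCCESS:-0}"
    denied="${PAM_PERM_DENIED:-1}"
    unknown="${PAM_USER_UNKNOWN:-1}"

    # Fail closed when wired to any phase other than account management.
    # A code that is not valid for that phase becomes PAM_SERVICE_ERR,
    # which is also a failure.
    if [ "${PAM_SM_FUNC:-}" != "pam_sm_acct_mgmt" ]; then
        echo "$denied"; return
    fi

    # PAM_USER comes from the login attempt: reject empty names and
    # anything outside a conservative character set before using it.
    case "${PAM_USER:-}" in
        ''|*[!A-Za-z0-9._-]*) echo "$unknown"; return ;;
    esac

    # Fixed-string, whole-line match; "--" stops a leading "-" in the
    # name from being parsed as a grep option.
    if [ -r "$ALLOW_FILE" ] && grep -Fqx -- "$PAM_USER" "$ALLOW_FILE"; then
        echo "$ok"
    else
        echo "$denied"
    fi
}

# Act only when invoked by pam_exec, which always sets PAM_SM_FUNC.
if [ -n "${PAM_SM_FUNC:-}" ]; then
    exit "$(pam_decide)"
fi
```

A missing or unreadable allow-list denies every account, so the hook fails closed rather than open.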

SEE ALSO

pam_get_item(3), pam.conf(5), pam(8), pam_sm_acct_mgmt(8), pam_sm_authenticate(8), pam_sm_chauthtok(8), pam_sm_close_session(8), pam_sm_open_session(8), pam_sm_setcred(8)

AUTHORS

The pam_exec module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.

PAM_EXEC (8) May 24, 2019
