Diffstat (limited to 'README')
-rw-r--r-- | README | 40 |
1 files changed, 40 insertions, 0 deletions
@@ -0,0 +1,40 @@ +The purpose of this module is to call an external program. This can e.g. be +used to call a lockout process, that locks out a user after multiple failed +login attempts, a script that logs usernames to a file or whatever you can +think of. The program gets called as: + + program pam_function user=... ruser=... rhost=... tty=... service=... + +Where pam_function is either pam_authenticate, pam_setcred, pam_acct_mgmt, +pam_open_session, pam_close_session or pam_chauthtok (see below). It returns +PAM_IGNORE on success (since it doesn't want to affect the authentication +process) on "success" and tries to report errors properly otherwise. + +Recognized arguments: + + exec=<arg> Program to execute + debug Print debuging information + +module services provided: + + auth _authenticate and _setcred (blank) + acct _acct_mgmt [mapped to _authenticate] + session _open_session and + _close_session [mapped to _authenticate ] + password _chauthtok [mapped to _authenticate] + + +Example: + Put this in /etc/pam.d/su to log all the available information to /root/dump + on failed su attempts: + + auth [success=1] pam_unix.so nullok_secure + auth required pam_exec.so exec=/root/dumpit debug + auth required pam_permit.so + + where /root/dumpit is a shell script: + + #!/bin/sh + echo "$@" > /root/dump + + -- Guido Guenther <agx@sigxcpu.org> Fri, 4 Nov 2005 13:32:15 +0100 |
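Review bot: In the example at the end of the README, `echo "$@" > /root/dump` truncates the file on every call, so /root/dump only ever holds the most recent invocation rather than a log of failed su attempts; `>>` matches the stated purpose. The example stack also needs a sentence on the failure path: `[success=1]` sets no explicit action for a pam_unix failure and the stack ends in `pam_permit.so`, so the README should state what su returns in that case. Because user, ruser, rhost, tty and service reach the program as command-line arguments, the README should say that the program has to treat them as untrusted input (quote them, never eval them). The services table marks acct, session and password as "mapped to _authenticate" while the text lists pam_acct_mgmt, pam_open_session, pam_close_session and pam_chauthtok as possible values of pam_function; please say which name the program actually receives. Minor: the first paragraph says "on success" twice in one sentence, and "debuging" should be "debugging".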