Add expose_authtok option to pam_exec(8).

Authored by on Jul 7 2018, 11:26 AM.



For compatibility with Linux PAM's pam_exec module, allow the password to be optionally passed to the executed program's stdin.

Test Plan

Install "pamtester" from pkg/ports.

Create an executable script containing:

#!/bin/sh
# Read the password that pam_exec passes on stdin (expose_authtok).
read password
if [ "$PAM_USER" = "abc" ] && [ "$password" = "123" ] ; then
  exit 0
else
  exit 1
fi

Create /etc/pam.d/my-service containing:

auth required /path/to/ expose_authtok /path/to/
account required

Now run:

pamtester my-service abc authenticate

It waits for a password; entering "123" succeeds, anything else fails.
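
A helper that consumes the exposed token without the losses of a bare `read` (which trims blanks and interprets backslashes) and that fails closed on empty input. This is an added example, not part of the revision; the `DEMO_CREDS` table, the function names, and the assumption that the token arrives as one line or a NUL-terminated string belong to the example only.

```sh
#!/bin/sh
# Added example, not code from the FreeBSD revision.
# Assumption: pam_exec writes the token to stdin as one line or as a
# NUL-terminated string; both are accepted here.

# Constructed demo table, "user:password" per line. A real helper would
# check a hashed credential store instead of plaintext.
DEMO_CREDS='abc:123
bob: pa\ss word '

# Print the token read from stdin without altering it.
read_authtok() {
    # tr drops NUL bytes, which shell variables cannot hold.
    # IFS= keeps leading/trailing blanks; -r keeps backslashes literal.
    # read returns non-zero at EOF without a newline but still sets tok.
    tr -d '\000' | { IFS= read -r tok || true; printf '%s' "$tok"; }
}

# Return 0 only if the token on stdin matches the entry for user $1.
verify_user() {
    user=$1
    tok=$(read_authtok)
    # Fail closed: a missing user name or empty token never authenticates.
    [ -n "$user" ] && [ -n "$tok" ] || return 1
    expected=$(printf '%s\n' "$DEMO_CREDS" | while IFS= read -r line; do
        case $line in
            "$user:"*) printf '%s' "${line#"$user":}"; break ;;
        esac
    done)
    [ -n "$expected" ] && [ "$tok" = "$expected" ]
}

# As a pam_exec program the script would end with:
#   verify_user "${PAM_USER:-}"
```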

Diff Detail

rS FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

created this revision. Jul 7 2018, 11:26 AM
edited the summary of this revision.
edited the test plan for this revision.

Added handling for EAGAIN on write() (not sure if that case is reachable).

des accepted this revision. Aug 14 2018, 12:10 AM
des edited reviewers, added: des; removed: manpages.
This revision is now accepted and ready to land. Aug 14 2018, 12:11 AM
This revision was automatically updated to reflect the committed changes.