|
Packit Service |
b29381 |
'\" t
|
|
Packit Service |
b29381 |
.\" Title: pam_filter
|
|
Packit Service |
b29381 |
.\" Author: [see the "AUTHOR" section]
|
|
Packit Service |
b29381 |
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
|
|
Packit Service |
b29381 |
.\" Date: 05/18/2017
|
|
Packit Service |
b29381 |
.\" Manual: Linux-PAM Manual
|
|
Packit Service |
b29381 |
.\" Source: Linux-PAM Manual
|
|
Packit Service |
b29381 |
.\" Language: English
|
|
Packit Service |
b29381 |
.\"
|
|
Packit Service |
b29381 |
.TH "PAM_FILTER" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" * Define some portability stuff
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit Service |
b29381 |
.\" http://bugs.debian.org/507673
|
|
Packit Service |
b29381 |
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
Packit Service |
b29381 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit Service |
b29381 |
.ie \n(.g .ds Aq \(aq
|
|
Packit Service |
b29381 |
.el .ds Aq '
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" * set default formatting
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" disable hyphenation
|
|
Packit Service |
b29381 |
.nh
|
|
Packit Service |
b29381 |
.\" disable justification (adjust text to left margin only)
|
|
Packit Service |
b29381 |
.ad l
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" * MAIN CONTENT STARTS HERE *
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.SH "NAME"
|
|
Packit Service |
b29381 |
pam_filter \- PAM filter module
|
|
Packit Service |
b29381 |
.SH "SYNOPSIS"
|
|
Packit Service |
b29381 |
.HP \w'\fBpam_filter\&.so\fR\ 'u
|
|
Packit Service |
b29381 |
\fBpam_filter\&.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\&.\&.\&.\fR]
|
|
Packit Service |
b29381 |
.SH "DESCRIPTION"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\&. It is only suitable for tty\-based and (stdin/stdout) applications\&.
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
To function this module requires
|
|
Packit Service |
b29381 |
\fIfilters\fR
|
|
Packit Service |
b29381 |
to be installed on the system\&. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\&. (This can be very annoying and is not kind to termcap based editors)\&.
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
Each component of the module has the potential to invoke the desired filter\&. The filter is always
|
|
Packit Service |
b29381 |
\fBexecv\fR(2)
|
|
Packit Service |
b29381 |
with the privilege of the calling application and
|
|
Packit Service |
b29381 |
\fInot\fR
|
|
Packit Service |
b29381 |
that of the user\&. For this reason it cannot usually be killed by the user without closing their session\&.
|
|
Packit Service |
b29381 |
.SH "OPTIONS"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBdebug\fR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
Print debug information\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBnew_term\fR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
The default action of the filter is to set the
|
|
Packit Service |
b29381 |
\fIPAM_TTY\fR
|
|
Packit Service |
b29381 |
item to indicate the terminal that the user is using to connect to the application\&. This argument indicates that the filter should set
|
|
Packit Service |
b29381 |
\fIPAM_TTY\fR
|
|
Packit Service |
b29381 |
to the filtered pseudo\-terminal\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBnon_term\fR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
don\*(Aqt try to set the
|
|
Packit Service |
b29381 |
\fIPAM_TTY\fR
|
|
Packit Service |
b29381 |
item\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBrunX\fR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
In order that the module can invoke a filter it should know when to invoke it\&. This argument is required to tell the filter when to do this\&.
|
|
Packit Service |
b29381 |
.sp
|
|
Packit Service |
b29381 |
Permitted values for
|
|
Packit Service |
b29381 |
\fIX\fR
|
|
Packit Service |
b29381 |
are
|
|
Packit Service |
b29381 |
\fI1\fR
|
|
Packit Service |
b29381 |
and
|
|
Packit Service |
b29381 |
\fI2\fR\&. These indicate the precise time that the filter is to be run\&. To understand this concept it will be useful to have read the
|
|
Packit Service |
b29381 |
\fBpam\fR(3)
|
|
Packit Service |
b29381 |
manual page\&. Basically, for each management group there are up to two ways of calling the module\*(Aqs functions\&. In the case of the
|
|
Packit Service |
b29381 |
\fIauthentication\fR
|
|
Packit Service |
b29381 |
and
|
|
Packit Service |
b29381 |
\fIsession\fR
|
|
Packit Service |
b29381 |
components there are actually two separate functions\&. For the case of authentication, these functions are
|
|
Packit Service |
b29381 |
\fBpam_authenticate\fR(3)
|
|
Packit Service |
b29381 |
and
|
|
Packit Service |
b29381 |
\fBpam_setcred\fR(3), here
|
|
Packit Service |
b29381 |
\fBrun1\fR
|
|
Packit Service |
b29381 |
means run the filter from the
|
|
Packit Service |
b29381 |
\fBpam_authenticate\fR
|
|
Packit Service |
b29381 |
function and
|
|
Packit Service |
b29381 |
\fBrun2\fR
|
|
Packit Service |
b29381 |
means run the filter from
|
|
Packit Service |
b29381 |
\fBpam_setcred\fR\&. In the case of the session modules,
|
|
Packit Service |
b29381 |
\fIrun1\fR
|
|
Packit Service |
b29381 |
implies that the filter is invoked at the
|
|
Packit Service |
b29381 |
\fBpam_open_session\fR(3)
|
|
Packit Service |
b29381 |
stage, and
|
|
Packit Service |
b29381 |
\fIrun2\fR
|
|
Packit Service |
b29381 |
for
|
|
Packit Service |
b29381 |
\fBpam_close_session\fR(3)\&.
|
|
Packit Service |
b29381 |
.sp
|
|
Packit Service |
b29381 |
For the case of the account component\&. Either
|
|
Packit Service |
b29381 |
\fIrun1\fR
|
|
Packit Service |
b29381 |
or
|
|
Packit Service |
b29381 |
\fIrun2\fR
|
|
Packit Service |
b29381 |
may be used\&.
|
|
Packit Service |
b29381 |
.sp
|
|
Packit Service |
b29381 |
For the case of the password component,
|
|
Packit Service |
b29381 |
\fIrun1\fR
|
|
Packit Service |
b29381 |
is used to indicate that the filter is run on the first occasion of
|
|
Packit Service |
b29381 |
\fBpam_chauthtok\fR(3)
|
|
Packit Service |
b29381 |
(the
|
|
Packit Service |
b29381 |
\fIPAM_PRELIM_CHECK\fR
|
|
Packit Service |
b29381 |
phase) and
|
|
Packit Service |
b29381 |
\fIrun2\fR
|
|
Packit Service |
b29381 |
is used to indicate that the filter is run on the second occasion (the
|
|
Packit Service |
b29381 |
\fIPAM_UPDATE_AUTHTOK\fR
|
|
Packit Service |
b29381 |
phase)\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBfilter\fR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
The full pathname of the filter to be run and any command line arguments that the filter might expect\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.SH "MODULE TYPES PROVIDED"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
All module types (\fBauth\fR,
|
|
Packit Service |
b29381 |
\fBaccount\fR,
|
|
Packit Service |
b29381 |
\fBpassword\fR
|
|
Packit Service |
b29381 |
and
|
|
Packit Service |
b29381 |
\fBsession\fR) are provided\&.
|
|
Packit Service |
b29381 |
.SH "RETURN VALUES"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
PAM_SUCCESS
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
The new filter was set successfully\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
PAM_ABORT
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
Critical error, immediate abort\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.SH "EXAMPLES"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
Add the following line to
|
|
Packit Service |
b29381 |
/etc/pam\&.d/login
|
|
Packit Service |
b29381 |
to see how to configure login to transpose upper and lower case letters once the user has logged in:
|
|
Packit Service |
b29381 |
.sp
|
|
Packit Service |
b29381 |
.if n \{\
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
.\}
|
|
Packit Service |
b29381 |
.nf
|
|
Packit Service |
b29381 |
session required pam_filter\&.so run1 /lib/security/pam_filter/upperLOWER
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
.fi
|
|
Packit Service |
b29381 |
.if n \{\
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.\}
|
|
Packit Service |
b29381 |
.sp
|
|
Packit Service |
b29381 |
.SH "SEE ALSO"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBpam.conf\fR(5),
|
|
Packit Service |
b29381 |
\fBpam.d\fR(5),
|
|
Packit Service |
b29381 |
\fBpam\fR(8)
|
|
Packit Service |
b29381 |
.SH "AUTHOR"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
|