diff options
Diffstat (limited to 'bin/pamtest/pamtest.1')
-rw-r--r-- | bin/pamtest/pamtest.1 | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/bin/pamtest/pamtest.1 b/bin/pamtest/pamtest.1 new file mode 100644 index 0000000..78e8353 --- /dev/null +++ b/bin/pamtest/pamtest.1 @@ -0,0 +1,177 @@ +.\"- +.\" Copyright (c) 2011 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: pamtest.1 471 2011-11-03 09:44:40Z des $ +.\" +.Dd November 2, 2011 +.Dt PAMTEST 1 +.Os +.Sh NAME +.Nm pamtest +.Nd PAM policy tester +.Sh SYNOPSYS +.Nm +.Op Fl dksv +.Op Fl H Ar rhost +.Op Fl h Ar host +.Op Fl t Ar tty +.Op Fl U Ar ruser +.Op Fl u Ar user +.Ar service +.Op Ar command ... +.Sh DESCRIPTION +The +.Nm +utility offers an easy way to test PAM modules and policies from the +command line. +.Pp +The +.Nm +utility loads the PAM policy specified by the +.Ar service +argument, starts a PAM transaction by calling +.Xr pam_start 3 , +then executes the primitives specified by the remaining command-line +arguments. +Finally, it ends the transaction by calling +.Xr pam_end 3 . +.Pp +The commands are: +.Bl -tag -width 6n +.It Cm authenticate , Cm auth +Call +.Xr pam_authenticate 3 . +.It Cm acct_mgmt , Cm account +Call +.Xr pam_acct_mgmt 3 . +.It Cm chauthtok , Cm change +Call +.Xr pam_chauthtok 3 +with the +.Dv PAM_CHANGE_EXPIRED_AUTHTOK +flag set. +.It Cm forcechauthtok , Cm forcechange +Call +.Xr pam_chauthtok 3 +with no flags set. +.It Cm setcred , Cm establish_cred +Call +.Xr pam_setcred 3 +with the +.Dv PAM_ESTABLISH_CRED +flag set. +.It Cm open_session , Cm open +Call +.Xr pam_open_session 3 . +.It Cm close_session , Cm close +Call +.Xr pam_close_session 3 . +.It Cm unsetcred , Cm delete_cred +Call +.Xr pam_setcred 3 +with the +.Dv PAM_DELETE_CRED +flag set. +.It Cm listenv , Cm env +Call +.Xr pam_getenvlist 3 +and print the contents of the list it returns. +.El +.Pp +The following options are available: +.Bl -tag -width Fl +.It Fl d +Enables debug messages within the OpenPAM library. +See +.Xr openpam_log 3 +for details. +.It Fl H Ar rhost +Specify the name of the fictitious remote host. +The default is to use the name of the local host. +.It Fl h Ar host +Specify the name of the local host. +The default is to use the result of calling +.Xr gethostname 3 . +.It Fl k +Keep going even if one of the commands fails. +.It Fl s +Set the +.Dv PAM_SILENT +flag when calling the +.Xr pam_authenticate 3 , +.Xr pam_acct_mgmt 3 , +.Xr pam_chauthok 3 , +.Xr pam_setcred 3 , +.Xr pam_open_session 3 +and +.Xr pam_close_session 3 +primitives. +.It Fl t Ar tty +Specify the name of the tty. +The default is to use the result of calling +.Xr ttyname 3 . +.It Fl U Ar ruser +Specify the name of the supplicant (remote user). +.It Fl u Ar user +Specify the name of the principal (local user). +.It Fl v +Enables debug messages from +.Nm +itself. +.El +.Sh EXAMPLES +Simulate a typical PAM transaction using the +.Dq system +policy: +.Bd -literal -offset indent +pamtest -v system auth account change setcred open close unsetcred +.Ed +.Sh SEE ALSO +.Xr openpam 3 +.Xr pam 3 +.Xr pam.conf 5 +.Sh AUTHORS +The +.Nm +utility and this manual page were written by +.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . +.Sh BUGS +The +.Nm +utility does not (yet) support setting and getting individual PAM +items or environment variables. +.Pp +The +.Nm +utility does not afford the user complete control over the flags +passed to the +.Xr pam_authenticate 3 , +.Xr pam_acct_mgmt 3 , +.Xr pam_chauthok 3 , +.Xr pam_setcred 3 , +.Xr pam_open_session 3 +and +.Xr pam_close_session 3 +primitives. |