pam_script(5) - Linux man page

pam_script

pam-script - A PAM that runs a script at the start or end of a session

Synopsis

session required pam-script.so [options]
auth required pam-script.so [options]

Description

This manual page briefly documents the pam-script PAM.

pam-script.so is a pam module that implements session management. It optionally runs a session open script (/etc/security/onsessionopen), a session close script (/etc/security/onsessionclose) or an authentication script (/etc/security/onauth) if they exist. Alternatively any other script can be executed using the options onsessionopen=/path/to/script, onsessionclose=/path/to/script and onauth=/path/to/script.

Options

runas=username

Run onsessionopen and onsessionclose as the specified user username

onsessionopen=path

Run path instead of /etc/security/onsessionopen

onsessionclose=path

Run path instead of /etc/security/onsessionclose

expose=integer
Bitmask that determines what information in the pam_environment to expose to the script's environment. Set this to 1 to expose PAM_AUTHTOK and 2 to expose KRB5CCNAME (the kerberos ticket cache). Remember that exposing PAM_AUTHTOK may be dangerous.

Author

This manual page was written by Izak Burger <isburger@gmail.com>, for the Debian GNU/Linux system (but may be used by others).