pam_get_items - A PAM test module to retrieve module-specific PAM items
PAM modules store data in PAM items
. These items are only accessible from
module context, not application context as they might include private data
(PAM_AUTHTOK normally contains the password). But when testing PAM modules,
it’s often nice to make sure a PAM module under test sets items for the
next module the way it’s supposed to. The pam_get_items module makes
this possible by exporting all PAM items as environment variables using
pam_putenv. The environment variable name is the same as the constant name of
the PAM item.
All module types ( account
) are provided.
Consider an example that tests that pam_unix puts the password it reads onto PAM
stack. The test service file would contain:
auth required pam_unix.so
auth required pam_get_items.so
Then the test would run the PAM conversation and afterwards call:
To retrieve the password.