pam_set_items - A PAM test module to set module-specific PAM items
PAM modules store data in PAM items
. These items are only accessible from
module context, not application context as they might include private data
(PAM_AUTHTOK normally contains the password). But when testing PAM modules,
it’s often nice to make sure a PAM module under test can retrieve data
from the stack. The pam_set_items module makes this possible by reading
environment variables and setting them as PAM items.
All module types ( account
) are provided.
Consider an example that tests that pam_unix is able to read a provided password
and doesn’t query on its own. The test service file would contain:
auth required pam_set_items.so
auth required pam_unix.so
Then the test would put the item to the test environment with:
Then run the PAM conversation.