Synopsis:
pamtester [-v]
[-I item=value]
[-E var=value]
service operation [operation ...]
pamtester requires at least three arguments to operate.
The first argument is service,
which provides the name of the service. The second one is
user, which provides the name of
the user to handle with PAM. The last one is
operation, which
specifies the operation for PAM to perform. For example, the
following set of arguments
pamtester login root open_session
instructs the session modules registered to the "login" service
to open the session for user "root".
Supported operations are listed below:
-
authenticate
Authenticate user. A
conversation may subsequently take place to prompt user
input for necessary authentication information.
-
acct_mgmt
Perform account management on
user.
-
open_session
Open a new session for
user.
-
close_session
Close the current session for
user.
-
chauthtok
Change the authentication token currently assigned to
user. A conversation
may subsequently take place to prompt user input for
necessary authentication information.
Note that it is probable some operations eventually need
additional privileges to fulfill the request, depending on the
service configuration.
More than one operation may be specified at once. In that case the
operations are done in the order of occurrence.
Any operation may also be followed
by the option flags that are
provided between the pair of parenthesis like this:
$ pamtester login root "authenticate(PAM_SILENT)"
Flags are all named and combinable or inversible with bitwise
operators;
|
(OR),
&
(AND),
^
(XOR) and
~
(NOT)
are accepted.
The list of allowed options is shown below:
PAM_SILENT
PAM_DISALLOW_NULL_AUTHTOK
PAM_ESTABLISH_CRED
PAM_REINITIALIZE_CRED
PAM_REFRESH_CRED
PAM_CHANGE_EXPIRED_AUTHTOK
Additional authentication information such as the name of the
remote user, the remote host and the tty can be supplied via
-I
(--item
) option. In the
following example, the tty name is given using "tty" command.
$ pamtester -I tty=`tty` login root open_session
The following types of information are supported:
- service
- user
- prompt
- tty
- ruser
- rhost
If run with -v
(--verbose
) option, pamtester
generates quite detailed output that describes what is going
on behind the scene. Those arguments,
pamtester -v login root open_session close_session
will end up with something like below:
pamtester: invoking pam_start(login, root, ...)
pamtester: performing operation - open_session
Linux localhost 0.0.0 #1 Wed Dec 1 00:00:00 GMT 1971 i4004 GNU/Linux
pamtester: sucessfully opened a session
pamtester: performing operation - close_session
pamtester: session has successfully been closed.