I am writing a PAM module which writes the username/password in a file for further transaction by another application. I only saw the PAM_AUTHTOK item but I'm not sure what type it is. Does anybody know that, or another way to get the cleartext password?
This is a very old thread, but there is also pam_exec: https://linux.die.net/man/8/pam_exec
e.g. something like the following in the PAM config:
```
auth sufficient pam_exec.so expose_authtok /usr/local/bin/myscript-example
```
Contents of myscript-example, echoing all the vars out:
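```sh
#!/bin/sh
# With expose_authtok, pam_exec passes the password to this script on stdin.
# IFS= and -r keep surrounding whitespace and backslashes in it intact.
IFS= read -r password
# The other PAM items arrive as environment variables.
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Password : $password"
exit $?
```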
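An audit check for the configuration shown in the answer above, as an added example that is not part of the original answers: it reads pam.d-format lines on stdin and reports every `pam_exec.so` entry that uses `expose_authtok`, flagging the `sufficient` control because pam_exec returns success when the command exits 0. The function names `audit_pam_exec` and `sample_config`, the `RISK:` label and the sample lines (including `/opt/example/check.sh`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find PAM entries that hand the cleartext password to a command.
# Assumes pam.d format: <type> <control> <module> [args...]
audit_pam_exec() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    {
        type = $1; sub(/^-/, "", type)         # leading "-" only silences a missing module
        i = 2; control = $i
        if (control ~ /^\[/)                   # bracketed control, e.g. [success=1 default=ignore]
            while (control !~ /\]$/ && i < NF) { i++; control = control " " $i }
        module = $(i + 1)
        if (module != "pam_exec.so" && module !~ /\/pam_exec\.so$/) next
        exposed = 0; cmd = ""
        for (j = i + 2; j <= NF; j++) {
            if ($j == "expose_authtok") exposed = 1
            else if (cmd == "" && $j ~ /^\//) cmd = $j   # first absolute path is the command
        }
        if (!exposed) next
        note = ""
        # Exit status 0 from the command is PAM_SUCCESS; under "sufficient"
        # that alone can satisfy the auth stack.
        if (control == "sufficient") note = " RISK:exit-0-grants-auth"
        print type, control, cmd note
    }'
}

# Constructed sample input, not taken from a real system.
sample_config() {
cat <<'EOF'
# constructed sample
auth     sufficient  pam_exec.so expose_authtok /usr/local/bin/myscript-example
auth     required    pam_unix.so try_first_pass
-auth    [success=1 default=ignore] pam_exec.so quiet expose_authtok /opt/example/check.sh
session  optional    pam_exec.so /usr/local/bin/on-login
EOF
}

sample_config | audit_pam_exec
```

To check a real system, feed it the files under /etc/pam.d, for example `cat /etc/pam.d/* | audit_pam_exec`, then review who can write to each reported command.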
Have you read the Linux-PAM Application Developer's Guide? On a RHEL-type system this will be in /usr/share/doc/pam-devel-<version>/Linux-PAM_ADG.txt, or you can find it online at various places.
Take a look at the Getting PAM items section, which documents the pam_get_item() function. You can request the password with the PAM_AUTHTOK constant:
PAM_AUTHTOK
The authentication token (often a password). This token should be ignored by all module functions besides pam_sm_authenticate(3) and pam_sm_chauthtok(3). In the former function it is used to pass the most recent authentication token from one stacked module to another. In the latter function the token is used for another purpose. It contains the currently active authentication token.