.\"-
.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\"    products derived from this software without specific prior written
.\"    permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd June 27, 2023
.Dt PAMTEST 1
.Os
.Sh NAME
.Nm pamtest
.Nd PAM policy tester
.Sh SYNOPSIS
.Nm
.Op Fl dkMPsv
.Op Fl H Ar rhost
.Op Fl h Ar host
.Op Fl T Ar timeout
.Op Fl t Ar tty
.Op Fl U Ar ruser
.Op Fl u Ar user
.Ar service
.Op Ar command ...
.Sh DESCRIPTION
The
.Nm
utility offers an easy way to test PAM modules and policies from the
command line.
.Pp
The
.Nm
utility loads the PAM policy specified by the
.Ar service
argument, starts a PAM transaction by calling
.Xr pam_start 3 ,
then executes the primitives specified by the remaining command-line
arguments.
Finally, it ends the transaction by calling
.Xr pam_end 3 .
.Pp
The commands are:
.Bl -tag -width 6n
.It Cm authenticate , Cm auth
Call
.Xr pam_authenticate 3 .
.It Cm acct_mgmt , Cm account
Call
.Xr pam_acct_mgmt 3 .
.It Cm chauthtok , Cm change
Call
.Xr pam_chauthtok 3
with the
.Dv PAM_CHANGE_EXPIRED_AUTHTOK
flag set.
.It Cm forcechauthtok , Cm forcechange
Call
.Xr pam_chauthtok 3
with no flags set.
.It Cm setcred , Cm establish_cred
Call
.Xr pam_setcred 3
with the
.Dv PAM_ESTABLISH_CRED
flag set.
.It Cm open_session , Cm open
Call
.Xr pam_open_session 3 .
.It Cm close_session , Cm close
Call
.Xr pam_close_session 3 .
.It Cm unsetcred , Cm delete_cred
Call
.Xr pam_setcred 3
with the
.Dv PAM_DELETE_CRED
flag set.
.It Cm listenv , Cm env
Call
.Xr pam_getenvlist 3
and print the contents of the list it returns.
.El
.Pp
The following options are available:
.Bl -tag -width Fl
.It Fl d
Enables debug messages within the OpenPAM library.
See
.Xr openpam_log 3
for details.
.It Fl H Ar rhost
Specify the name of the fictitious remote host.
The default is to use the name of the local host.
.It Fl h Ar host
Specify the name of the local host.
The default is to use the result of calling
.Xr gethostname 3 .
.It Fl k
Keep going even if one of the commands fails.
.It Fl M
Disable path, ownership and permission checks on module files.
.It Fl P
Disable service name validation and path, ownership and permission
checks on policy files.
.It Fl s
Set the
.Dv PAM_SILENT
flag when calling the
.Xr pam_authenticate 3 ,
.Xr pam_acct_mgmt 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_setcred 3 ,
.Xr pam_open_session 3
and
.Xr pam_close_session 3
primitives.
.It Fl T Ar timeout
Set the conversation timeout (in seconds) for
.Xr openpam_ttyconv 3 .
.It Fl t Ar tty
Specify the name of the tty.
The default is to use the result of calling
.Xr ttyname 3 .
.It Fl U Ar ruser
Specify the name of the supplicant (remote user).
.It Fl u Ar user
Specify the name of the principal (local user).
.It Fl v
Enables debug messages from
.Nm
itself.
.El
.Sh EXAMPLES
Simulate a typical PAM transaction using the
.Dq system
policy:
.Bd -literal -offset indent
pamtest -v system auth account change setcred open close unsetcred
.Ed
.Sh SEE ALSO
.Xr openpam 3 ,
.Xr pam 3 ,
.Xr pam.conf 5
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
.Sh BUGS
The
.Nm
utility does not (yet) support setting and getting individual PAM
items or environment variables.
.Pp
The
.Nm
utility does not afford the user complete control over the flags
passed to the
.Xr pam_authenticate 3 ,
.Xr pam_acct_mgmt 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_setcred 3 ,
.Xr pam_open_session 3
and
.Xr pam_close_session 3
primitives.
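An added example, not part of OpenPAM or of this manual page: a POSIX shell pre-flight check for pamtest command lines, intended for policy regression scripts. It refuses the -M and -P options, which turn off the path, ownership and permission checks, and resolves the command aliases listed in DESCRIPTION to their full names. The function names and the ordering rule (open before close, setcred before unsetcred, following the order in EXAMPLES) are assumptions of this example.

```shell
# pamtest_canon WORD: print the full command name for a documented command
# or alias; fail for anything the manual page does not list.
pamtest_canon() {
    case "$1" in
        authenticate|auth)          echo authenticate ;;
        acct_mgmt|account)          echo acct_mgmt ;;
        chauthtok|change)           echo chauthtok ;;
        forcechauthtok|forcechange) echo forcechauthtok ;;
        setcred|establish_cred)     echo setcred ;;
        open_session|open)          echo open_session ;;
        close_session|close)        echo close_session ;;
        unsetcred|delete_cred)      echo unsetcred ;;
        listenv|env)                echo listenv ;;
        *) return 1 ;;
    esac
}

# pamtest_plan [options] service [command ...]: takes the same arguments as
# pamtest, prints the resolved command sequence, returns non-zero on a problem.
pamtest_plan() {
    OPTIND=1
    # Option string taken from the SYNOPSIS section.
    while getopts "dkMPsvH:h:T:t:U:u:" opt; do
        case "$opt" in
            M|P) echo "refusing -$opt: it disables file checks" >&2; return 2 ;;
            \?)  return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    [ $# -ge 1 ] || { echo "missing service name" >&2; return 2; }
    shift                                   # drop the service name
    plan="" opened=0 cred=0
    for word in "$@"; do
        c=$(pamtest_canon "$word") || { echo "unknown command: $word" >&2; return 2; }
        case "$c" in
            open_session)  opened=1 ;;
            setcred)       cred=1 ;;
            # Ordering rule below is this example's assumption, not pamtest's.
            close_session) [ "$opened" -eq 1 ] || { echo "close before open" >&2; return 3; } ;;
            unsetcred)     [ "$cred" -eq 1 ] || { echo "unsetcred before setcred" >&2; return 3; } ;;
        esac
        plan="${plan:+$plan }$c"
    done
    echo "$plan"
}

# Typical use in a script: pamtest_plan "$@" >/dev/null && exec pamtest "$@"
```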