.\"-
.\" Copyright (c) 2011 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\"    products derived from this software without specific prior written
.\"    permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: pamtest.1 816 2014-09-12 07:50:22Z des $
.\"
.Dd September 12, 2014
.Dt PAMTEST 1
.Os
.Sh NAME
.Nm pamtest
.Nd PAM policy tester
.Sh SYNOPSIS
.Nm
.Op Fl dkMPsv
.Op Fl H Ar rhost
.Op Fl h Ar host
.Op Fl T Ar timeout
.Op Fl t Ar tty
.Op Fl U Ar ruser
.Op Fl u Ar user
.Ar service
.Op Ar command ...
.Sh DESCRIPTION
The
.Nm
utility offers an easy way to test PAM modules and policies from the
command line.
.Pp
The
.Nm
utility loads the PAM policy specified by the
.Ar service
argument, starts a PAM transaction by calling
.Xr pam_start 3 ,
then executes the primitives specified by the remaining command-line
arguments.
Finally, it ends the transaction by calling
.Xr pam_end 3 .
.Pp
The commands are:
.Bl -tag -width 6n
.It Cm authenticate , Cm auth
Call
.Xr pam_authenticate 3 .
.It Cm acct_mgmt , Cm account
Call
.Xr pam_acct_mgmt 3 .
.It Cm chauthtok , Cm change
Call
.Xr pam_chauthtok 3
with the
.Dv PAM_CHANGE_EXPIRED_AUTHTOK
flag set.
.It Cm forcechauthtok , Cm forcechange
Call
.Xr pam_chauthtok 3
with no flags set.
.It Cm setcred , Cm establish_cred
Call
.Xr pam_setcred 3
with the
.Dv PAM_ESTABLISH_CRED
flag set.
.It Cm open_session , Cm open
Call
.Xr pam_open_session 3 .
.It Cm close_session , Cm close
Call
.Xr pam_close_session 3 .
.It Cm unsetcred , Cm delete_cred
Call
.Xr pam_setcred 3
with the
.Dv PAM_DELETE_CRED
flag set.
.It Cm listenv , Cm env
Call
.Xr pam_getenvlist 3
and print the contents of the list it returns.
.El
.Pp
The following options are available:
.Bl -tag -width Fl
.It Fl d
Enables debug messages within the OpenPAM library.
See
.Xr openpam_log 3
for details.
.It Fl H Ar rhost
Specify the name of the fictitious remote host.
The default is to use the name of the local host.
.It Fl h Ar host
Specify the name of the local host.
The default is to use the result of calling
.Xr gethostname 3 .
.It Fl k
Keep going even if one of the commands fails.
.It Fl M
Disable path, ownership and permission checks on module files.
.It Fl P
Disable service name validation and path, ownership and permission
checks on policy files.
.It Fl s
Set the
.Dv PAM_SILENT
flag when calling the
.Xr pam_authenticate 3 ,
.Xr pam_acct_mgmt 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_setcred 3 ,
.Xr pam_open_session 3
and
.Xr pam_close_session 3
primitives.
.It Fl T Ar timeout
Set the conversation timeout (in seconds) for
.Xr openpam_ttyconv 3 .
.It Fl t Ar tty
Specify the name of the tty.
The default is to use the result of calling
.Xr ttyname 3 .
.It Fl U Ar ruser
Specify the name of the supplicant (remote user).
.It Fl u Ar user
Specify the name of the principal (local user).
.It Fl v
Enables debug messages from
.Nm
itself.
.El
.Sh EXAMPLES
Simulate a typical PAM transaction using the
.Dq system
policy:
.Bd -literal -offset indent
pamtest -v system auth account change setcred open close unsetcred
.Ed
.Sh SEE ALSO
.Xr openpam 3 ,
.Xr pam 3 ,
.Xr pam.conf 5
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
.Sh BUGS
The
.Nm
utility does not (yet) support setting and getting individual PAM
items or environment variables.
.Pp
The
.Nm
utility does not afford the user complete control over the flags
passed to the
.Xr pam_authenticate 3 ,
.Xr pam_acct_mgmt 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_setcred 3 ,
.Xr pam_open_session 3
and
.Xr pam_close_session 3
primitives.