PAM_MATRIX(8)
NAME
pam_matrix - A PAM test module to retrieve module-specific PAM items
SYNOPSIS
pam_matrix.so [...]
DESCRIPTION
Testing PAM applications often requires setting up an authentication backend with as little effort as possible. The pam_matrix module allows one to authenticate against a key-value text file, supplied through a module option or an environment variable.
IMPORTANT
pam_matrix is a test tool. It should be considered completely insecure and never used outside test environments! As you’ll see when reading the description of the options and actions, many of them don’t make any sense in the real world and were added just to make tests possible.
PASSWORD DATABASE
The pam_matrix module authenticates users against a plain-text CSV file. The format of the file is as follows:
    username:password:allowed_service
Example: user bob is allowed to authenticate with the service sshd:
    bob:secret:sshd
OPTIONS
MODULE TYPES PROVIDED
All module types (account, auth, password and session) are supported.
The auth module searches for the user in the passdb file and compares the provided password with the one in the passdb file.
The password module is able to update the password in the passdb file.
The account module compares the service name the PAM conversation was invoked with against the allowed service for the user as set in the passdb file.
The session module sets the HOMEDIR PAM environment variable to "/home/%u" where %u stands for the user who opens the session. The variable is unset on session close.
EXAMPLE
    auth required pam_matrix.so passdb=/tmp/passdb verbose
    account required pam_matrix.so passdb=/tmp/passdb verbose
    password required pam_matrix.so passdb=/tmp/passdb verbose
    session required pam_matrix.so passdb=/tmp/passdb verbose
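The fixture implied by the PASSWORD DATABASE and EXAMPLE sections, as an added example that is not part of the pam_matrix documentation or code: the hypothetical helpers make_fixture and check_login write a one-record passdb plus a PAM service file, then model the documented auth and account checks so a test can confirm which logins the fixture should accept. The directory layout and the result strings are assumptions of this example.

```sh
#!/bin/sh
# Added example: build a throwaway pam_matrix fixture and sanity-check it.
# Function names and file layout are assumptions of this example.

# make_fixture DIR SERVICE USER PASSWORD
# Writes DIR/passdb (one username:password:allowed_service record) and
# DIR/SERVICE (the four stacks from the EXAMPLE section), both mode 0600.
make_fixture() {
    dir=$1 svc=$2 user=$3 pass=$4
    # ':' separates fields, so it must not occur inside one.
    case "$user$pass$svc" in
        *:*) echo "field contains ':'" >&2; return 1 ;;
    esac
    ( umask 077
      printf '%s:%s:%s\n' "$user" "$pass" "$svc" > "$dir/passdb"
      for stack in auth account password session; do
          printf '%s required pam_matrix.so passdb=%s verbose\n' \
              "$stack" "$dir/passdb"
      done > "$dir/$svc" )
}

# check_login PASSDB USER PASSWORD SERVICE
# Models the documented auth (password) and account (service) checks.
check_login() {
    awk -F: -v u="$2" -v p="$3" -v s="$4" '
        # Appending "" forces string comparison ("007" must not equal "7").
        ($1 "") == (u "") {
            found = 1
            if (($2 "") != (p ""))      r = "bad_password"
            else if (($3 "") != (s "")) r = "service_denied"
            else                        r = "ok"
            exit
        }
        END { if (!found) r = "unknown_user"; print r }' "$1"
}

# Demo with the record from this page, in a constructed temp directory.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir" sshd bob secret
check_login "$demo_dir/passdb" bob secret sshd    # ok
check_login "$demo_dir/passdb" bob secret login   # service_denied
rm -rf "$demo_dir"
```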
2015-11-04