blob: a62f4576f132618247e42ad86925dd05bd3a152c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
<!--
$Id: pam_env.sgml,v 1.1 1997/04/05 06:50:42 morgan Exp $
This file was written by Dave Kinchlea <kinch@kinch.ark.com>
Ed. AGM
-->
<sect1>Set/unset environment variables
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
<tt/pam_env/
<tag><bf>Author:</bf></tag>
Dave Kinchlea <kinch@kinch.ark.com>
<tag><bf>Maintainer:</bf></tag>
Author
<tag><bf>Management groups provided:</bf></tag>
Authentication (setcred)
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
<tt>/etc/security/pam_env.conf</tt>
<tag><bf>Network aware:</bf></tag>
</descrip>
<sect2>Overview of module
<p>
This module allows the (un)setting of environment variables. Supported
is the use of previously set environment variables as well as
<em>PAM_ITEM</em>s such as <tt>PAM_RHOST</tt>.
<sect2>Authentication component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/; <tt/conffile=/<em/configuration-file-name/
<tag><bf>Description:</bf></tag>
This module allows you to (un)set arbitrary environment variables
using fixed strings, the value of previously set environment variables
and/or <em/PAM_ITEM/s.
<p>
All is controlled via a configuration file (by default,
<tt>/etc/security/pam_env.conf</tt> but can be overriden with
<tt>connfile</tt> argument). Each line starts with the variable name,
there are then two possible options for each variable <bf>DEFAULT</bf>
and <bf>OVERRIDE</bf>. <bf>DEFAULT</bf> allows and administrator to
set the value of the variable to some default value, if none is
supplied then the empty string is assumed. The <bf>OVERRIDE</bf>
option tells pam_env that it should enter in its value (overriding the
default value) if there is one to use. <bf>OVERRIDE</bf> is not used,
<tt>""</tt> is assumed and no override will be done.
<p>
<tscreen>
<verb>
VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
</verb>
</tscreen>
<p>
(Possibly non-existent) environment variables may be used in values
using the <tt>${string}</tt> syntax and (possibly
non-existent) <em/PAM_ITEM/s may be used in values using the
<tt>@{string}</tt> syntax. Both the <tt>$</tt>
and <tt>@</tt> characters can be backslash-escaped to be used
as literal values (as in <tt>\$</tt>. Double quotes may
be used in values (but not environment variable names) when white
space is needed <bf>the full value must be delimited by the quotes and
embedded or escaped quotes are not supported</bf>.
<p>
The behavior of this module can be modified with one of the following
flags:
<p>
<itemize>
<item><tt/debug/
- write more information to <tt/syslog(3)/.
<item><tt/conffile=/<em/filename/
- by default the file <tt>/etc/security/pam_env.conf</tt> is used as
the configuration file. This option overrides the default. You must
supply a complete path + file name.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
See sample <tt>pam_env.conf</tt> for more information and examples.
</descrip>
<!--
End of sgml insert for this module.
-->
|