OverviewNewsDownloadDocumentationDeveloper toolsContact
Imagen izquierda
You are in: Corunix > WebDownloads > ProjectDownloadStable > InstallPamPreprofile_1_1 Edit - Attach

Install and usage of PAM Preprofile module v1.1

We have written a PAM module for Corunix to force script execution at authentication time. The module can be downloaded from here.

This module ensures that some program or script is run each time a user logs into the computer. Now, it isn't necessary to rely on a particular shell to exec the user's .profile, .bash_profile, .bashrc or similar.

Such functionality can be used to create links from the user's home directory to some location, or other needs.

The module was made as a modification of the example module "pam_permit".

Install and usage

To install this module you must compile and copy it into a known location, such as /lib/security. Next, edit /etc/pam.d/X, being X the PAM service you want the module to run at (eg: su, gdm...). Add the following line at the end of the file: 

session required pam_preprofile.so my_program param1 ... paramN

When my_program is called, it will receive param1 ... paramN, plus a paramN+1 being the username that has just been authenticated. For example: 

----
session required pam_preprofile.so /tmp/myprogram.sh /usr/doc
----
#!/bin/sh
# This is /tmp/myprogram.sh
echo "Hello $2. Please, read the docs at $1."
----

Instead of "session", you can use "auth", "password" or "account". This is the meaning of each type:

  • session: Executed once per session
  • auth: Executed each time the user is prompted for a password
  • password: Executed each time the user changes her password
  • account: Executed to perform non-authentication based account management

To enable or disable the command execution on a particular stage at compile time, just define or comment the COMMAND_ON_... symbols in the source code.

In addition, have in mind that when executing the module in auth mode it's advisable to call it after the real authentication modules to avoid executing the script before the user enters a valid password! 

Sample /etc/pam.d/common-auth:
----
auth    requisite       pam_unix.so nullok_secure
auth    optional        pam_smbpass.so migrate missingok

auth    required pam_preprofile.so /tmp/myprogram.sh
----

NOTE:

This module was written and tested on Debian 3.0 (Woody) and Ubuntu Hardy

-- EnriqueOcana - 07 Jul 2008

div class="twikiTopicInfo twikiRevInfo twikiGrayText twikiMoved"<&/div>-->

Igalia, S.L. © A Coruña-Pontevedra (Galicia), 2001-2007 - Aviso Legal - Política de privacidad
Igalia™ is a registered trademark of Igalia, S.L. Powered by TWiki