xref: /netbsd-src/external/bsd/openpam/dist/bin/pamtest/pamtest.1 (revision 37afb7eb6895c833050f8bfb1d1bb2f99f332539)
.\"	$NetBSD: pamtest.1,v 1.7 2014/10/24 18:27:12 christos Exp $
.\"
.\"-
.\" Copyright (c) 2011 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\"    products derived from this software without specific prior written
.\"    permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Id: pamtest.1 816 2014-09-12 07:50:22Z des
.\"
.Dd September 12, 2014
.Dt PAMTEST 1
.Os
.Sh NAME
.Nm pamtest
.Nd PAM policy tester
.Sh SYNOPSIS
.Nm
.Op Fl dkMPsv
.Op Fl H Ar rhost
.Op Fl h Ar host
.Op Fl T Ar timeout
.Op Fl t Ar tty
.Op Fl U Ar ruser
.Op Fl u Ar user
.Ar service
.Op Ar command ...
.Sh DESCRIPTION
The
.Nm
utility offers an easy way to test PAM modules and policies from the
command line.
.Pp
The
.Nm
utility loads the PAM policy specified by the
.Ar service
argument, starts a PAM transaction by calling
.Xr pam_start 3 ,
then executes the primitives specified by the remaining command-line
arguments.
Finally, it ends the transaction by calling
.Xr pam_end 3 .
.Pp
The commands are:
.Bl -tag -width 6n
.It Cm authenticate , Cm auth
Call
.Xr pam_authenticate 3 .
.It Cm acct_mgmt , Cm account
Call
.Xr pam_acct_mgmt 3 .
.It Cm chauthtok , Cm change
Call
.Xr pam_chauthtok 3
with the
.Dv PAM_CHANGE_EXPIRED_AUTHTOK
flag set.
.It Cm forcechauthtok , Cm forcechange
Call
.Xr pam_chauthtok 3
with no flags set.
.It Cm setcred , Cm establish_cred
Call
.Xr pam_setcred 3
with the
.Dv PAM_ESTABLISH_CRED
flag set.
.It Cm open_session , Cm open
Call
.Xr pam_open_session 3 .
.It Cm close_session , Cm close
Call
.Xr pam_close_session 3 .
.It Cm unsetcred , Cm delete_cred
Call
.Xr pam_setcred 3
with the
.Dv PAM_DELETE_CRED
flag set.
.It Cm listenv , Cm env
Call
.Xr pam_getenvlist 3
and print the contents of the list it returns.
.El
.Pp
The following options are available:
.Bl -tag -width Fl
.It Fl d
Enables debug messages within the OpenPAM library.
See
.Xr openpam_log 3
for details.
.It Fl H Ar rhost
Specify the name of the fictitious remote host.
The default is to use the name of the local host.
.It Fl h Ar host
Specify the name of the local host.
The default is to use the result of calling
.Xr gethostname 3 .
.It Fl k
Keep going even if one of the commands fails.
.It Fl M
Disable path, ownership and permission checks on module files.
.It Fl P
Disable service name validation and path, ownership and permission
checks on policy files.
.It Fl s
Set the
.Dv PAM_SILENT
flag when calling the
.Xr pam_authenticate 3 ,
.Xr pam_acct_mgmt 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_setcred 3 ,
.Xr pam_open_session 3
and
.Xr pam_close_session 3
primitives.
.It Fl T Ar timeout
Set the conversation timeout (in seconds) for
.Xr openpam_ttyconv 3 .
.It Fl t Ar tty
Specify the name of the tty.
The default is to use the result of calling
.Xr ttyname 3 .
.It Fl U Ar ruser
Specify the name of the supplicant (remote user).
.It Fl u Ar user
Specify the name of the principal (local user).
.It Fl v
Enables debug messages from
.Nm
itself.
.El
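The ownership and permission checks that -M and -P switch off can be approximated outside OpenPAM before a module or policy file is trusted. This is an added example, not code from pamtest or OpenPAM; the rule it applies (regular file, owned by root or the invoking user, not writable by group or others) and the names check_owner_perms and check_scratch_file are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not OpenPAM code. Assumed rule: a regular file,
 * owned by root or the invoking user, not writable by group or others.
 * Returns 0 if the file passes, -1 with errno set otherwise. */
int check_owner_perms(const char *path)
{
	struct stat sb;
	int fd, r;

	/* Inspect the opened descriptor rather than the path name. */
	if ((fd = open(path, O_RDONLY)) < 0)
		return -1;
	r = fstat(fd, &sb);
	close(fd);
	if (r != 0)
		return -1;
	if (!S_ISREG(sb.st_mode))
		errno = EINVAL;		/* directory, device, fifo, ... */
	else if ((sb.st_uid != 0 && sb.st_uid != geteuid()) ||
	    (sb.st_mode & (S_IWGRP | S_IWOTH)) != 0)
		errno = EPERM;		/* insecure ownership or permissions */
	else
		return 0;
	return -1;
}

/* Constructed demo input: a scratch file created with the given mode. */
int check_scratch_file(mode_t mode)
{
	char path[] = "/tmp/pamcheck.XXXXXX";
	int fd, r;

	if ((fd = mkstemp(path)) < 0)
		return -2;
	fchmod(fd, mode);
	close(fd);
	r = check_owner_perms(path);
	unlink(path);
	return r;
}

int main(void)
{
	printf("0644: %d  0664: %d\n", check_scratch_file(0644), check_scratch_file(0664));
	return 0;
}
```

A file that fails this check is one that an account other than root or the invoking user could have modified, which is the situation -M and -P stop guarding against.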
.Sh EXAMPLES
Simulate a typical PAM transaction using the
.Dq system
policy:
.Bd -literal -offset indent
pamtest -v system auth account change setcred open close unsetcred
.Ed
.Sh SEE ALSO
.Xr openpam 3 ,
.Xr pam 3 ,
.Xr pam.conf 5
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
.Sh BUGS
The
.Nm
utility does not (yet) support setting and getting individual PAM
items or environment variables.
.Pp
The
.Nm
utility does not afford the user complete control over the flags
passed to the
.Xr pam_authenticate 3 ,
.Xr pam_acct_mgmt 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_setcred 3 ,
.Xr pam_open_session 3
and
.Xr pam_close_session 3
primitives.