pamtester

https://pamtester.sourceforge.net/

pamtester Utility for testing pluggable authentication modules (PAM) facility

[ Project page | Downloads ] What is pamtester? pamtester is a tiny utility program to test the pluggable authentication modules (PAM) facility, which is a de facto standard of unified authentication management mechanism in many unices and similar OSes including Solaris, HP-UX, *BSD, MacOSX and Linux.

While specifically designed to help PAM module authors to test their modules, that might also be handy for system administrators interested in building a centralised authentication system using common standards such as NIS, SASL and LDAP.

Releases The latest release of pamtester is 0.1.2. You can fetch it from here.

Installation Just run configure and do the ordinary “make install”. Differences between platforms will automatically be handled by the configure script. Let me know if it’s not :)

Using pamtester Synopsis:

pamtester [-v] [-I item=value] [-E var=value] service operation [operation …] pamtester requires at least three arguments to operate. The first argument is service, which provides the name of the service. The second one is user, which provides the name of the user to handle with PAM. The last one is operation, which specifies the operation for PAM to perform. For example, the following set of arguments

pamtester login root open_session instructs the session modules registered to the “login” service to open the session for user “root”.

Supported operations are listed below:

authenticate

Authenticate user. A conversation may subsequently take place to prompt user input for necessary authentication information.

acct_mgmt

Perform account management on user.

open_session

Open a new session for user.

close_session

Close the current session for user.

chauthtok

Change the authentication token currently assigned to user. A conversation may subsequently take place to prompt user input for necessary authentication information.

Note that it is probable some operations eventually need additional privileges to fulfill the request, depending on the service configuration.

More than one operation may be specified at once. In that case the operations are done in the order of occurrence.

Any operation may also be followed by the option flags that are provided between the pair of parenthesis like this:

$ pamtester login root “authenticate(PAM_SILENT)” Flags are all named and combinable or inversible with bitwise operators;

| (OR), & (AND), ^ (XOR) and ~ (NOT) are accepted.

The list of allowed options is shown below:

PAM_SILENT PAM_DISALLOW_NULL_AUTHTOK PAM_ESTABLISH_CRED PAM_REINITIALIZE_CRED PAM_REFRESH_CRED PAM_CHANGE_EXPIRED_AUTHTOK Additional authentication information such as the name of the remote user, the remote host and the tty can be supplied via -I (–item) option. In the following example, the tty name is given using “tty” command.

$ pamtester -I tty=tty login root open_session The following types of information are supported:

service user prompt tty ruser rhost If run with -v (–verbose) option, pamtester generates quite detailed output that describes what is going on behind the scene. Those arguments,

pamtester -v login root open_session close_session will end up with something like below:

pamtester: invoking pam_start(login, root, …) pamtester: performing operation - open_session Linux localhost 0.0.0 #1 Wed Dec 1 00:00:00 GMT 1971 i4004 GNU/Linux pamtester: sucessfully opened a session pamtester: performing operation - close_session pamtester: session has successfully been closed. Reporting bugs Please submit any problem reports or feature requests to the sourceforge’s bug tracking system.