← 返回命令列表

Linux command

pam_debug 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Force success

auth optional pam_debug.so auth=success

Force a specific failure

auth optional pam_debug.so auth=auth_err

Mark credentials unavailable

auth optional pam_debug.so cred=cred_unavail

Force account stage failure

account required pam_debug.so acct=acct_expired

Stub out session callbacks

session optional pam_debug.so open_session=success close_session=success

说明

pam_debug is a Linux-PAM testing module that lets administrators script the return value of every PAM service-module hook. It is used to exercise PAM stacks under controlled failure conditions, verify that required, requisite, sufficient, and optional control flags behave as designed, and validate fallback paths in custom stacks. The module performs no authentication of its own: it simply returns the requested code (or PAM_SUCCESS by default) and logs each invocation through syslog so the order in which modules execute can be traced. Each argument applies to exactly one of the four PAM management groups (auth, account, password, session).

参数

auth=_VALUE_
Return code for pam_sm_authenticate.
cred=_VALUE_
Return code for pam_sm_setcred.
acct=_VALUE_
Return code for pam_sm_acct_mgmt.
prechauthtok=_VALUE_
Return code for the PAM_PRELIM_CHECK stage of pam_sm_chauthtok.
chauthtok=_VALUE_
Return code for the PAM_UPDATE_AUTHTOK stage of pam_sm_chauthtok.
open_session=_VALUE_
Return code for pam_sm_open_session.
close_session=_VALUE_
Return code for pam_sm_close_session.

FAQ

What is the pam_debug command used for?

pam_debug is a Linux-PAM testing module that lets administrators script the return value of every PAM service-module hook. It is used to exercise PAM stacks under controlled failure conditions, verify that required, requisite, sufficient, and optional control flags behave as designed, and validate fallback paths in custom stacks. The module performs no authentication of its own: it simply returns the requested code (or PAM_SUCCESS by default) and logs each invocation through syslog so the order in which modules execute can be traced. Each argument applies to exactly one of the four PAM management groups (auth, account, password, session).

How do I run a basic pam_debug example?

Run `auth optional pam_debug.so auth=success` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does auth=_VALUE_ do in pam_debug?

Return code for pam_sm_authenticate.