PAM_EXEC(8)		  BSD System Manager's Manual		   PAM_EXEC(8)

NAME
     pam_exec — Exec PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_exec [arguments]

DESCRIPTION
     The exec service module for PAM executes the program designated by its
     first argument if no options are specified, with its remaining arguments
     as command-line arguments.  If options are specified, the program and its
     arguments follow the last option or -- if the program name conflicts with
     an option name.

     The following options may be passed before the program and its arguments:

     return_prog_exit_status  Use the program exit status as the return code
			      of the pam_sm_* function.  It must be a valid
			      return value for this function.

     -- 		      Stop options parsing; program and its arguments
			      follow.

     The child's environment is set to the current PAM environment list, as
     returned by pam_getenvlist(3).  In addition, the following PAM items are
     exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE,
     PAM_SM_FUNC, PAM_TTY and PAM_USER.

     The PAM_SM_FUNC variable contains the name of the PAM service module
     function being called.  It may be:
	   -   pam_sm_acct_mgmt
	   -   pam_sm_authenticate
	   -   pam_sm_chauthtok
	   -   pam_sm_close_session
	   -   pam_sm_open_session
	   -   pam_sm_setcred

     If return_prog_exit_status is not set (default), the PAM_SM_FUNC function
     returns PAM_SUCCESS if the program exit status is 0, PAM_PERM_DENIED oth‐
     erwise.

     If return_prog_exit_status is set, the program exit status is used.  It
     should be PAM_SUCCESS or one of the error codes allowed by the calling
     PAM_SM_FUNC function.  The valid codes are documented in each function
     man page.	If the exit status is not a valid return code, PAM_SERVICE_ERR
     is returned.  Each valid codes numerical value is available as an envi‐
     ronment variable (eg. PAM_SUCESS, PAM_USER_UNKNOWN, etc).	This is useful
     in shell scripts for instance.

SEE ALSO
     pam_get_item(3), pam.conf(5), pam(8), pam_sm_acct_mgmt(8),
     pam_sm_authenticate(8), pam_sm_chauthtok(8), pam_sm_close_session(8),
     pam_sm_open_session(8), pam_sm_setcred(8)

AUTHORS
     The pam_exec module and this manual page were developed for the FreeBSD
     Project by ThinkSec AS and NAI Labs, the Security Research Division of
     Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
     (“CBOSS”), as part of the DARPA CHATS research program.

BSD			       February 8, 2012 			   BSD