2
$Id: pam_env.sgml,v 1.1 2001/04/29 04:16:54 hartmans Exp $
4
This file was written by Dave Kinchlea <kinch@kinch.ark.com>
8
<sect1>Set/unset environment variables
15
<tag><bf>Module Name:</bf></tag>
18
<tag><bf>Author:</bf></tag>
19
Dave Kinchlea <kinch@kinch.ark.com>
21
<tag><bf>Maintainer:</bf></tag>
24
<tag><bf>Management groups provided:</bf></tag>
25
Authentication (setcred)
27
<tag><bf>Cryptographically sensitive:</bf></tag>
29
<tag><bf>Security rating:</bf></tag>
31
<tag><bf>Clean code base:</bf></tag>
33
<tag><bf>System dependencies:</bf></tag>
34
<tt>/etc/security/pam_env.conf</tt>
36
<tag><bf>Network aware:</bf></tag>
40
<sect2>Overview of module
43
This module allows the (un)setting of environment variables. Supported
44
is the use of previously set environment variables as well as
45
<em>PAM_ITEM</em>s such as <tt>PAM_RHOST</tt>.
47
<sect2>Authentication component
52
<tag><bf>Recognized arguments:</bf></tag>
53
<tt/debug/; <tt/conffile=/<em/configuration-file-name/;
54
<tt/envfile/=<em/env-file-name/; <tt/readenv/=<em/0|1/
56
<tag><bf>Description:</bf></tag>
57
This module allows you to (un)set arbitrary environment variables
58
using fixed strings, the value of previously set environment variables
59
and/or <em/PAM_ITEM/s.
62
All is controlled via a configuration file (by default,
63
<tt>/etc/security/pam_env.conf</tt> but can be overriden with
64
<tt>conffile</tt> argument). Each line starts with the variable name,
65
there are then two possible options for each variable <bf>DEFAULT</bf>
66
and <bf>OVERRIDE</bf>. <bf>DEFAULT</bf> allows an administrator to
67
set the value of the variable to some default value, if none is
68
supplied then the empty string is assumed. The <bf>OVERRIDE</bf>
69
option tells pam_env that it should enter in its value (overriding the
70
default value) if there is one to use. <bf>OVERRIDE</bf> is not used,
71
<tt>""</tt> is assumed and no override will be done.
76
VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
81
(Possibly non-existent) environment variables may be used in values
82
using the <tt>${string}</tt> syntax and (possibly
83
non-existent) <em/PAM_ITEM/s may be used in values using the
84
<tt>@{string}</tt> syntax. Both the <tt>$</tt>
85
and <tt>@</tt> characters can be backslash-escaped to be used
86
as literal values (as in <tt>\$</tt>. Double quotes may
87
be used in values (but not environment variable names) when white
88
space is needed <bf>the full value must be delimited by the quotes and
89
embedded or escaped quotes are not supported</bf>.
92
This module can also parse a file with simple <tt>KEY=VAL</tt> pairs
93
on seperate lines (<tt>/etc/environment</tt> by default). You can
94
change the default file to parse, with the <em/envfile/ flag and turn
95
it on or off by setting the <em/readenv/ flag to 1 or 0 respectively.
98
The behavior of this module can be modified with one of the following
105
- write more information to <tt/syslog(3)/.
107
<item><tt/conffile=/<em/filename/
108
- by default the file <tt>/etc/security/pam_env.conf</tt> is used as
109
the configuration file. This option overrides the default. You must
110
supply a complete path + file name.
112
<item><tt/envfile=/<em/filename/
113
- by default the file <tt>/etc/environment</tt> is used to load KEY=VAL
114
pairs directly into the env. This option overrides the default. You must
115
supply a complete path + file name.
117
<item><tt/readenv=/<em/0|1/
118
- turns on or off the reading of the file specified by envfile (0 is off,
119
1 is on). By default this option is on.
123
<tag><bf>Examples/suggested usage:</bf></tag>
125
See sample <tt>pam_env.conf</tt> for more information and examples.
130
End of sgml insert for this module.