pam_wrapper(1)
==============
:revdate: 2017-04-06

NAME
----

pam_wrapper - A preloadable wrapper to test PAM applications and PAM Modules

SYNOPSIS
--------

LD_PRELOAD=libpam_wrapper.so PAM_WRAPPER=1 PAM_WRAPPER_SERVICE_DIR=/path_to_config *./myapplication*

DESCRIPTION
-----------

This tool allows you to either test your PAM application or module. For testing
PAM applications we have written a simple PAM module called pam_matrix
(see below). If you plan to test a PAM module you can use the pamtest library
we have implemented. It simplifies testing of modules. You can be combine it
with the cmocka unit testing framework or you can use the provided Python
bindings to write tests for your module in Python.

ENVIRONMENT VARIABLES
---------------------

pam_wrapper is activated and controlled by environment variables. You can set
the following variables:

*PAM_WRAPPER*::

If you load the pam_wrapper and enable it with setting PAM_WRAPPER=1 all PAM
calls will be wrapped so you are able to specify a directory with the service
files pam_wrapper should be using.

*PAM_WRAPPER_SERVICE_DIR*::

The directory to read PAM service files from.

If you want to use pam_matrix (see below) or want to test your own PAM module
you need to specify the absolute path to your module in the service files.

*PAM_WRAPPER_DEBUGLEVEL*::

If you need to see what is going on in pam_wrapper itself or try to find a
bug, you can enable logging support in pam_wrapper if you built it with
debug symbols.

- 0 = ERROR
- 1 = WARNING
- 2 = DEBUG
- 3 = TRACE

*PAM_WRAPPER_USE_SYSLOG*::

By default pam logs will go to the pam_wrapper DEBUG log level and will not
be sent to the syslog. If you want to log to the syslog to you can set this
variable to 1.

*PAM_WRAPPER_KEEP_DIR*::

If this option is set to 1, then pam_wrapper won't delete its temporary
directories. Mostly useful for pam_wrapper development.

EXAMPLE
-------

A service file for pam_wrapper should look like this:

--------------------------------------
auth            required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
account         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
password        required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
session         required        /usr/lib/pam_wrapper/pam_matrix.so passdb=/path/to/pdb
--------------------------------------

The name of the file should represent the service name used by your PAM
application.

LD_PRELOAD=./libpam_wrapper.so PAM_WRAPPER=1 PAM_WRAPPER_SERVICE_DIR=./pam_services ./my_pam_app

PAM_MATRIX
----------

We offer a module to make testing of PAM applications easier. You find more
information in the pam_matrix(8) manpage.
