When authenticating with PAM using the account facility, the PAM_RHOST and PAM_RUSER environment variables are not available. PAM_USER and PAM_SERVICE are exported. According to the PAM documentation, PAM_RUSER and PAM_RHOST should be available to the system.
To reproduce (Usermin 1.480):
- Enable PAM authentication
- Add a default /etc/pam.d/usermin file
- Configure /etc/pam.d/usermin to call pam_exec.so, referencing a script
    account required pam_exec.so log=/root/custom_script.log /root/pam_script
On a Debian system
- Have that script check environment variables.
    set | grep PAM
- Check the log file for the state of the environment when custom_script was called. PAM_RHOST and PAM_RUSER are not present.
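A more explicit diagnostic for the script step above, added here as an example and not part of the original report or of Usermin: it could stand in for `set | grep PAM` in /root/pam_script and records, for each item that pam_exec(8) documents as exported, whether it is set, set but empty, or absent. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: diagnostic body for the script that pam_exec.so calls.
# pam_exec(8) documents these six PAM items as exported to the command.
PAM_ITEMS="PAM_RHOST PAM_RUSER PAM_SERVICE PAM_TTY PAM_USER PAM_TYPE"

# True if the named variable is set, even if its value is empty.
pam_is_set() {
    eval "[ \"\${$1+x}\" = x ]"
}

# Print one line per item: NAME=value when set, NAME=<unset> when absent.
# Unlike `set | grep PAM`, a missing item is listed instead of silently omitted.
pam_env_report() {
    for name in $PAM_ITEMS; do
        if pam_is_set "$name"; then
            eval "printf '%s=%s\n' \"$name\" \"\${$name}\""
        else
            printf '%s=<unset>\n' "$name"
        fi
    done
}

# Print the space-separated names of the items that are absent.
pam_env_missing() {
    missing=""
    for name in $PAM_ITEMS; do
        pam_is_set "$name" || missing="${missing:+$missing }$name"
    done
    printf '%s' "$missing"
}

# pam_exec writes the command's output to the file given by log=.
# The last command succeeds, so the account check itself is not failed.
pam_env_report
echo "missing: $(pam_env_missing)"
```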