2 $Id: pam_env.sgml,v 1.1 1997/04/05 06:50:42 morgan Exp $
4 This file was written by Dave Kinchlea <kinch@kinch.ark.com>
8 <sect1>Set/unset environment variables
15 <tag><bf>Module Name:</bf></tag>
18 <tag><bf>Author:</bf></tag>
19 Dave Kinchlea <kinch@kinch.ark.com>
21 <tag><bf>Maintainer:</bf></tag>
24 <tag><bf>Management groups provided:</bf></tag>
25 Authentication (setcred)
27 <tag><bf>Cryptographically sensitive:</bf></tag>
29 <tag><bf>Security rating:</bf></tag>
31 <tag><bf>Clean code base:</bf></tag>
33 <tag><bf>System dependencies:</bf></tag>
34 <tt>/etc/security/pam_env.conf</tt>
36 <tag><bf>Network aware:</bf></tag>
40 <sect2>Overview of module
43 This module allows the (un)setting of environment variables. Supported
44 is the use of previously set environment variables as well as
45 <em>PAM_ITEM</em>s such as <tt>PAM_RHOST</tt>.
47 <sect2>Authentication component
52 <tag><bf>Recognized arguments:</bf></tag>
53 <tt/debug/; <tt/conffile=/<em/configuration-file-name/
55 <tag><bf>Description:</bf></tag>
56 This module allows you to (un)set arbitrary environment variables
57 using fixed strings, the value of previously set environment variables
58 and/or <em/PAM_ITEM/s.
61 All is controlled via a configuration file (by default,
62 <tt>/etc/security/pam_env.conf</tt> but can be overriden with
63 <tt>connfile</tt> argument). Each line starts with the variable name,
64 there are then two possible options for each variable <bf>DEFAULT</bf>
65 and <bf>OVERRIDE</bf>. <bf>DEFAULT</bf> allows and administrator to
66 set the value of the variable to some default value, if none is
67 supplied then the empty string is assumed. The <bf>OVERRIDE</bf>
68 option tells pam_env that it should enter in its value (overriding the
69 default value) if there is one to use. <bf>OVERRIDE</bf> is not used,
70 <tt>""</tt> is assumed and no override will be done.
75 VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
80 (Possibly non-existent) environment variables may be used in values
81 using the <tt>${string}</tt> syntax and (possibly
82 non-existent) <em/PAM_ITEM/s may be used in values using the
83 <tt>@{string}</tt> syntax. Both the <tt>$</tt>
84 and <tt>@</tt> characters can be backslash-escaped to be used
85 as literal values (as in <tt>\$</tt>. Double quotes may
86 be used in values (but not environment variable names) when white
87 space is needed <bf>the full value must be delimited by the quotes and
88 embedded or escaped quotes are not supported</bf>.
91 The behavior of this module can be modified with one of the following
98 - write more information to <tt/syslog(3)/.
100 <item><tt/conffile=/<em/filename/
101 - by default the file <tt>/etc/security/pam_env.conf</tt> is used as
102 the configuration file. This option overrides the default. You must
103 supply a complete path + file name.
107 <tag><bf>Examples/suggested usage:</bf></tag>
109 See sample <tt>pam_env.conf</tt> for more information and examples.
114 End of sgml insert for this module.