PAM-modules Manual (split by chapter):   Section:   Chapter:FastBack: Intro   Up: Top   FastForward: fshadow   Contents: Table of ContentsIndex: Concept Index

2 Verify PAM Access

The pamck utility checks if a user can be authenticated using PAM. The user name is specified in the command line, so the simplest invocation is:

$ pamck user

When used this way, pamck first authenticates ‘user’, by calling pam_authenticate, and then performs account management (pam_acct_mgmt). If both functions return success, the utility prints ‘OK’ on the standard output and exits with zero code. In case of failure, it displays diagnostics on standard error and exits with error code 2.

It exits with code 1 in case of usage error (e.g. wrong command line option).

If password is required, the utility asks about it, and waits for the user input. When reading user input, terminal echo is turned off to prevent password compromising.

Alternatively, the password may be given on the command line, as the second argument:

$ pamck user pass

By default, pamck uses PAM service ‘check’. Another service name may be supplied using the -s command line option:

$ pamck -s login user

The -g command line option allows to select the PAM management group to check. It takes the name of the group as an argument. Allowed group names are:

auth

Authentication group. Call pam_authenticate.

acct

Account management. Call pam_acct_mgmt.

open

Session management. Call pam_open_session.

close

Session management. Call pam_close_session.

pass

Password management. Call pam_chauthtok.

The following table summarizes available command line options:

-s service

Select service name to use.

-g group

Select PAM management group to check.

-h

Print short help summary and exit.

-v

Print program version and copyright information and exit.

PAM-modules Manual (split by chapter):   Section:   Chapter:FastBack: Intro   Up: Top   FastForward: fshadow   Contents: Table of ContentsIndex: Concept Index