pam_exec, author Petr Novotny, ANTEK CS, Petr.Novotny@antek.cz
This source is copyrighted under GPL
No warranty


This motivation to write this module was primarily to enable Open-SMTP type
of treatment for qmail and PAMified system. It might be used in a zillion
of other cases.

What it does: It always authenticates the user or account (returns
PAM_SUCCESS) and forks/executes another program. In Open-SMTP type
of treatment, that program would append $TCPREMOTEIP to some file and
rebuild the database.

The play there with two forks should prevent zombies; on my system it did.


How to install: Run make; it should create pam_exec.so. Copy pam_exec.so
into /lib/security (or wherever your PAM modules are situated).

How to use: Add
 auth  required  /lib/security/pam_exec.so program_name argv0 [argv1 ...]
or
 account  required  /lib/security/pam_exec.so program_name argv0 [argv1 ...]
to your authentication script (probably in etc/pam.d). You probably want to
add it as the last directive for given type if you want the user to be fully
authenticated by the time the program is invoked. Don't forget that argv0
which should probably be the name of the program without the leading path.
The execution doesn't use PATH environment variable, therefore you should use
the full path with program_name.
