pam_get_items (8) - Linux Man Pages
pam_get_items: A PAM test module to retrieve module-specific PAM items
pam_get_items - A PAM test module to retrieve module-specific PAM items
PAM modules store data in PAM items. These items are only accessible from module context, not application context as they might include private data (PAM_AUTHTOK normally contains the password). But when testing PAM modules, it's often nice to make sure a PAM module under test sets items for the next module the way it's supposed to. The pam_get_items module makes this possible by exporting all PAM items as environment variables using pam_putenv. The environment variable name is the same as the constant name of the PAM item.
MODULE TYPES PROVIDED
Consider an example that tests that pam_unix puts the password it reads onto PAM stack. The test service file would contain:
auth required pam_unix.so auth required pam_get_items.so
Then the test would run the PAM conversation and afterwards call:
To retrieve the password.