Module Name: Author: Dave Kinchlea <kinch@kinch.ark.com> Maintainer: Author Management groups provided: Authentication (setcred) Cryptographically sensitive: Security rating: Clean code base: System dependencies: /etc/security/pam_env.conf Network aware: Overview of module

This module allows the (un)setting of environment variables. Supported is the use of previously set environment variables as well as PAM_ITEMs such as PAM_RHOST. Authentication component

Recognized arguments: Description: This module allows you to (un)set arbitrary environment variables using fixed strings, the value of previously set environment variables and/or All is controlled via a configuration file (by default, /etc/security/pam_env.conf but can be overriden with conffile argument). Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE. DEFAULT allows an administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use. OVERRIDE is not used, "" is assumed and no override will be done.

VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]

(Possibly non-existent) environment variables may be used in values using the ${string} syntax and (possibly non-existent) @{string} syntax. Both the $ and @ characters can be backslash-escaped to be used as literal values (as in \$. Double quotes may be used in values (but not environment variable names) when white space is needed the full value must be delimited by the quotes and embedded or escaped quotes are not supported.

This module can also parse a file with simple KEY=VAL pairs on seperate lines (/etc/environment by default). You can change the default file to parse, with the The behavior of this module can be modified with one of the following flags:

/etc/security/pam_env.conf is used as the configuration file. This option overrides the default. You must supply a complete path + file name. /etc/environment is used to load KEY=VAL pairs directly into the env. This option overrides the default. You must supply a complete path + file name. Examples/suggested usage: See sample pam_env.conf for more information and examples.