PAM-modules Manual (split by section)

6.3 Setting PAM environment from an SQL database.

This is an experimental feature, available when compiled with Linux PAM libraries. It allows additional information to be passed from the database to the application program through the PAM environment.

The special configuration keyword setenv-query defines an SQL query for setting the environment. After PAM items are expanded (see item expansion), this query is executed and the first tuple (row) is taken from its result. Each column in this tuple creates an environment variable: the column name becomes the name of the environment variable and the column value becomes its value.

Consider, for example, the following SQL table:

CREATE TABLE userprop (
  username varchar(32),
  dir varchar(128),
  uid int,
  gid int
);

which contains, among others, the following data:

("smith", "/var/spool/dir/1", 16, 10000)

Let the configuration file contain this query definition:

setenv-query SELECT dir as home, uid, gid \
             FROM userprop \
             WHERE username='$user'

Now assume that the user ‘smith’ is authenticated using pam_mysql. The setenv-query is executed. Then, after pam_authenticate returns, the PAM environment will contain:

home=/var/spool/dir/1
uid=16
gid=10000
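
On the application side these values arrive as plain strings, so they need checking before they are used for a chdir or a change of uid/gid. The following is an added example, not code from pam-modules or this manual: it parses a NAME=value list of the shape returned by pam_getenvlist(3), using the home, uid and gid names from the query above. The function names, the MIN_ID policy and the path rule are assumptions made for the illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MIN_ID 1  /* assumed local policy: a database row never maps to root */

struct userprop { const char *home; long uid, gid; };

/* Look up NAME in a NULL-terminated "NAME=value" list, the layout that
   pam_getenvlist(3) returns. Returns the value, or NULL if absent. */
static const char *env_lookup(char *const *env, const char *name) {
    size_t n = strlen(name);
    for (; env && *env; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env + n + 1;
    return NULL;
}

/* Strict decimal id: no sign, no whitespace, no trailing characters. */
static int parse_id(const char *s, long *out) {
    char *end;
    if (!s || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    *out = strtol(s, &end, 10);
    return (errno || *end || *out < MIN_ID || *out > INT_MAX) ? -1 : 0;
}

/* Returns 0 only if home, uid and gid are all present and sane;
   *p is valid only in that case. */
int userprop_from_pam_env(char *const *env, struct userprop *p) {
    const char *home = env_lookup(env, "home");
    /* Absolute path only; conservatively refuse any "/.." sequence. */
    if (!home || home[0] != '/' || strstr(home, "/.."))
        return -1;
    if (parse_id(env_lookup(env, "uid"), &p->uid) ||
        parse_id(env_lookup(env, "gid"), &p->gid))
        return -1;
    p->home = home;
    return 0;
}

int main(void) {
    /* Constructed sample: the environment from the manual's example row. */
    char *env[] = { "home=/var/spool/dir/1", "uid=16", "gid=10000", NULL };
    struct userprop p;
    if (userprop_from_pam_env(env, &p)) return 1;
    printf("%s %ld:%ld\n", p.home, p.uid, p.gid);
    return 0;
}
```

In a real application the list would come from pam_getenvlist(pamh) after pam_authenticate succeeds, and any failure from the check should be treated as a failed login rather than falling back to defaults.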
