Quotes in pam_exec command

[dakhnod]

I have set up this configuration line in common-auth:

auth    sufficient                      pam_exec.so debug expose_authtok seteuid /bin/bash -c 'echo "$(cat)"'

This, however, yields the error

"$(cat)"': -c: line 1: unexpected EOF while looking for matching `''

To me, it seems like some parser is getting tangled up in quotes. Does anyone have an Idea on how to solve this?

[stoeckmann]

This should work for you:

auth    sufficient                      pam_exec.so debug expose_authtok seteuid /bin/bash -c [echo "$(cat)"]

The PAM configuration needs square brackets to take single arguments containing whitespaces, instead of single/double quotes you are used from bash.

And don't forget that stdout is required if you actually want to see something. In this case, the entered authentication token ...

[dakhnod]

Thanks, will try! Just out of curiosity, are those square brackets a common pattern? Why did you chose brackets over quotes?

[stoeckmann]

I've seen this pattern when reading the code a few months ago: https://github.com/linux-pam/linux-pam/blob/master/libpam/pam_misc.c#L66

But it's also documented in pam.conf(5): https://github.com/linux-pam/linux-pam/blob/master/doc/man/pam.conf-syntax.xml#L391

[dakhnod]

works! thanks!