From mboxrd@z Thu Jan  1 00:00:00 1970
From: Timothy Sample <samplet@ngyro.com>
Subject: Re: Customize PAM configuration
Date: Sat, 10 Aug 2019 10:44:35 -0400
Message-ID: <87o90xkrl8.fsf@ngyro.com>
References: <CAH6o9V-GNPMvxR5tU1M9aW=90t_VWkR8oS966awd1NXGF5dhcg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:39497)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <samplet@ngyro.com>) id 1hwSbq-00065F-Iv
 for help-guix@gnu.org; Sat, 10 Aug 2019 10:44:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <samplet@ngyro.com>) id 1hwSbp-0002Mb-LF
 for help-guix@gnu.org; Sat, 10 Aug 2019 10:44:42 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:50065)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <samplet@ngyro.com>) id 1hwSbp-0002KU-9K
 for help-guix@gnu.org; Sat, 10 Aug 2019 10:44:41 -0400
In-Reply-To: <CAH6o9V-GNPMvxR5tU1M9aW=90t_VWkR8oS966awd1NXGF5dhcg@mail.gmail.com>
 (Jone's message of "Fri, 9 Aug 2019 17:58:07 +0000")
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: Jone <yeger9@gmail.com>
Cc: help-guix <help-guix@gnu.org>

Hi Jone,

Jone <yeger9@gmail.com> writes:

> Hello! I want enter user/root password only once per session. To do this,
> it will probably be convenient to export the password to shell variable.
> For example, adding this to PAM configuration file:
>
>    auth sufficient pam_exec.so expose_authtok /path/to/script.sh
>
> But how to write it in system-config.scm? Sorry, I couldn't find any exam=
ples.

I don=E2=80=99t fully understand what you are trying to do, but here=E2=80=
=99s your
example translated into Guix:

(operating-system
  ...
  (pam-services (append (list (pam-service
                               (name "my-pam-service") ; or whatever
                               (auth (list (pam-entry
                                            (control "sufficient")
                                            (module "pam_exec.so")
                                            (arguments
                                             (list "expose_authok"
                                                   "/path/to/script.sh"))))=
)))
                        (base-pam-services))))

Note that the =E2=80=9Carguments=E2=80=9D field of =E2=80=9Cpam-entry=E2=80=
=9D takes G-Expressions.
This means that the script you want to execute could be a Guile script
built using =E2=80=9Cprogram-file=E2=80=9D.  Alternatively, it could be a s=
hell script
built using =E2=80=9Ccomputed-file=E2=80=9D or some script that is outside =
of the store
using an absolute path.

Hope that helps!


-- Tim