From mboxrd@z Thu Jan 1 00:00:00 1970 From: Timothy Sample Subject: Re: Customize PAM configuration Date: Sat, 10 Aug 2019 10:44:35 -0400 Message-ID: <87o90xkrl8.fsf@ngyro.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:39497) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hwSbq-00065F-Iv for help-guix@gnu.org; Sat, 10 Aug 2019 10:44:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hwSbp-0002Mb-LF for help-guix@gnu.org; Sat, 10 Aug 2019 10:44:42 -0400 Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:50065) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hwSbp-0002KU-9K for help-guix@gnu.org; Sat, 10 Aug 2019 10:44:41 -0400 In-Reply-To: (Jone's message of "Fri, 9 Aug 2019 17:58:07 +0000") List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Jone Cc: help-guix Hi Jone, Jone writes: > Hello! I want enter user/root password only once per session. To do this, > it will probably be convenient to export the password to shell variable. > For example, adding this to PAM configuration file: > > auth sufficient pam_exec.so expose_authtok /path/to/script.sh > > But how to write it in system-config.scm? Sorry, I couldn't find any exam= ples. I don=E2=80=99t fully understand what you are trying to do, but here=E2=80= =99s your example translated into Guix: (operating-system ... (pam-services (append (list (pam-service (name "my-pam-service") ; or whatever (auth (list (pam-entry (control "sufficient") (module "pam_exec.so") (arguments (list "expose_authok" "/path/to/script.sh"))))= ))) (base-pam-services)))) Note that the =E2=80=9Carguments=E2=80=9D field of =E2=80=9Cpam-entry=E2=80= =9D takes G-Expressions. This means that the script you want to execute could be a Guile script built using =E2=80=9Cprogram-file=E2=80=9D. Alternatively, it could be a s= hell script built using =E2=80=9Ccomputed-file=E2=80=9D or some script that is outside = of the store using an absolute path. Hope that helps! -- Tim