Environment variables for PAM

These environment variables can be used to trace PAM issues:

• PAM_SET_DEBUG:

  When set to “1”, trace messages are sent to stderr.

• PAM_TEST_LOG:

  If this environment variable is set, trace messages are sent to the file test.log in the directory/tmp.

These environment variables are available for badmin6.2:

• BADMIN_USE_PLAIN_PASSWORD:

  If this variable is set, a plain text password can be specified on the command line. This is useful for detecting badmin6.2 problems using the command line. This works for the options –chkpasswd and –chgpwd.

• CHECK_PASSWORD_DEBUG=2

  Test whether the password is changeable.

• CHECK_PASSWORD_DEBUG=3

  Test the password warning feature.

• CHECK_PASSWORD_DEBUG=4

  Test the password expire feature. The warning in time is 7 days.

Using PAM has a limitation. The PAM library interface cannot determine the exact number of days when a password will expire. It can only indicate that a password is about to expire.

You can place the resource named pwd_default_warn in the directory:

$BSE/lib/defaults/all

Set the warning indication to a certain value to let the resource supply a number of days. The default is three days.