get_pam_field

Use the get_pam_field command to return the value of a specified field for the currently selected plug-in authentication module (PAM) application object stored in memory. The get_pam_field command does not query Active Directory for the PAM application. If you change field values using ADEdit without saving the PAM application to Active Directory, the field value you retrieve using get_pam_field won’t match the same field value for the PAM application stored in Active Directory.

You can only use the get_pam_field command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical

Syntax

get_pam_field field

Abbreviation

gpf

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description

field

string

Required. Specifies the case-sensitive name of the field whose value to retrieve. The possible values are:

  • application: The name of the application allowed to use adclient’s PAM authentication service. The name can be literal, or it can contain ? or * wildcard characters to specify multiple applications.
  • description: Text describing the PAM application.
  • createTime: The time and date this PAM application was created, returned in generalized time format.
  • modifyTime: The time and date this PAM application was last modified, returned in generalized time format.
  • dn: the PAM application’s distinguished name.

Return value

This command returns a field value. The data type for this value depends on the field specified.

Examples

get_pam_field application

This example returns the contents of the application field:

ftp

The selected PAM application object specifies ftp can authenticate using adclient.

Related commands

Before you use this command, you must have a currently selected PAM application object stored in memory. The following commands to view and select the PAM application to work with:

  • get_pam_apps returns a Tcl list of PAM application rights in the current zone.
  • list_pam_apps lists to stdout the PAM application rights in the current zone.
  • new_pam_app creates a new PAM application right and stores it in memory.
  • select_pam_app retrieves a PAM application right from Active Directory and stores it in memory.

After you have a PAM application stored in memory, you can use the following commands to work with that PAM application’s attributes, delete the PAM application, or save information for the PAM application:

  • delete_pam_app deletes the selected PAM application right from Active Directory and from memory.
  • get_pam_field reads a field value from the currently selected PAM application right.
  • save_pam_app saves the selected PAM application right with its current settings to Active Directory.
  • set_pam_field sets a field value in the currently selected PAM application right.