list_pam_apps

Use the list_pam_apps command to check Active Directory and return a list of PAM application rights defined in the currently selected zone. If executed in a script, this command outputs its list to stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script. Use get_pam_apps to return a Tcl list.

You can only use the list_pam_apps command to return PAM application rights for classic4 and hierarchical zones.

Zone type

Classic and hierarchical

Syntax

list_pam_apps

Abbreviation

lspa

Options

This command takes no options.

Arguments

This command takes no arguments.

Return value

This command returns a list to stdout of PAM application rights defined in the currently selected zone. Each entry contains the following fields, separated by colons (:):

  • The name of the PAM access right followed by a slash (/) and the zone in which the PAM access right is defined.
  • The name of one or more PAM applications to which the right applies.
  • Text describing the PAM application object.

Examples

list_pam_apps

This example returns a list of PAM application access rights for the selected zone (the following is a subset of the default predefined rights):

dzssh-all/global : dzssh-* : All of ssh services
dzssh-exec/global : dzssh-exec : Command execution
dzssh-scp/global : dzssh-scp : scp
dzssh-sftp/global : dzssh-sftp : sftp
dzssh-shell/global : dzssh-shell : Terminal tty/pty
dzssh-tunnel/global : dzssh-tunnel : Tunnel device forwarding
dzssh-X11-forwarding/global : dzssh-x11-forwarding : X11 forwarding
login-all/global : * : Predefined global PAM permission. Do not delete.

Related commands

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a PAM application object:

  • get_pam_apps returns a Tcl list of PAM applications in the current zone.
  • new_pam_app creates a new PAM application and stores it in memory.
  • select_pam_app retrieves a PAM application from Active Directory and stores it in memory.

After you have a PAM application object stored in memory, you can use the following commands to work with that PAM application:

  • delete_pam_app deletes the selected PAM application from Active Directory and from memory.
  • get_pam_field reads a field value from the currently selected PAM application.
  • save_pam_app saves the selected PAM application with its current settings to Active Directory.
  • set_pam_field sets a field value in the currently selected PAM application.