list_pam_apps
Use the list_pam_apps
command to check Active Directory and return a list of PAM application rights defined in the currently selected zone. If executed in a script, this command outputs its list to stdout
so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script. Use get_pam_apps
to return a Tcl list.
You can only use the list_pam_apps
command to return PAM application rights for classic4 and hierarchical zones.
Zone type
Classic and hierarchical
Syntax
list_pam_apps
Abbreviation
lspa
Options
This command takes no options.
Arguments
This command takes no arguments.
Return value
This command returns a list to stdout
of PAM application rights defined in the currently selected zone. Each entry contains the following fields, separated by colons (:):
- The name of the PAM access right followed by a slash (/) and the zone in which the PAM access right is defined.
- The name of one or more PAM applications to which the right applies.
- Text describing the PAM application object.
Examples
list_pam_apps
This example returns a list of PAM application access rights for the selected zone (the following is a subset of the default predefined rights):
dzssh-all/global : dzssh-* : All of ssh services dzssh-exec/global : dzssh-exec : Command execution dzssh-scp/global : dzssh-scp : scp dzssh-sftp/global : dzssh-sftp : sftp dzssh-shell/global : dzssh-shell : Terminal tty/pty dzssh-tunnel/global : dzssh-tunnel : Tunnel device forwarding dzssh-X11-forwarding/global : dzssh-x11-forwarding : X11 forwarding login-all/global : * : Predefined global PAM permission. Do not delete.
Related commands
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a PAM application object:
- get_pam_apps returns a Tcl list of PAM applications in the current zone.
- new_pam_app creates a new PAM application and stores it in memory.
- select_pam_app retrieves a PAM application from Active Directory and stores it in memory.
After you have a PAM application object stored in memory, you can use the following commands to work with that PAM application:
- delete_pam_app deletes the selected PAM application from Active Directory and from memory.
- get_pam_field reads a field value from the currently selected PAM application.
- save_pam_app saves the selected PAM application with its current settings to Active Directory.
- set_pam_field sets a field value in the currently selected PAM application.