Use the list_pam_apps command to check Active Directory and return a list of PAM application rights defined in the currently selected zone. If executed in a script, this command outputs its list to stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script. Use get_pam_apps to return a Tcl list.

You can only use the list_pam_apps command to return PAM application rights for classic4 and hierarchical zones.

Zone type

Classic and hierarchical






This command takes no options.


This command takes no arguments.

Return value

This command returns a list to stdout of PAM application rights defined in the currently selected zone. Each entry contains the following fields, separated by colons (:):

  • The name of the PAM access right followed by a slash (/) and the zone in which the PAM access right is defined.
  • The name of one or more PAM applications to which the right applies.
  • Text describing the PAM application object.



This example returns a list of PAM application access rights for the selected zone (the following is a subset of the default predefined rights):

dzssh-all/global : dzssh-* : All of ssh services
dzssh-exec/global : dzssh-exec : Command execution
dzssh-scp/global : dzssh-scp : scp
dzssh-sftp/global : dzssh-sftp : sftp
dzssh-shell/global : dzssh-shell : Terminal tty/pty
dzssh-tunnel/global : dzssh-tunnel : Tunnel device forwarding
dzssh-X11-forwarding/global : dzssh-x11-forwarding : X11 forwarding
login-all/global : * : Predefined global PAM permission. Do not delete.

Related commands

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a PAM application object:

  • get_pam_apps returns a Tcl list of PAM applications in the current zone.
  • new_pam_app creates a new PAM application and stores it in memory.
  • select_pam_app retrieves a PAM application from Active Directory and stores it in memory.

After you have a PAM application object stored in memory, you can use the following commands to work with that PAM application:

  • delete_pam_app deletes the selected PAM application from Active Directory and from memory.
  • get_pam_field reads a field value from the currently selected PAM application.
  • save_pam_app saves the selected PAM application with its current settings to Active Directory.
  • set_pam_field sets a field value in the currently selected PAM application.