list_pam_apps command to check Active Directory and return a list of PAM application rights defined in the currently selected zone. If executed in a script, this command outputs its list to
stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script. Use
get_pam_apps to return a Tcl list.
You can only use the
list_pam_apps command to return PAM application rights for classic4 and hierarchical zones.
Classic and hierarchical
This command takes no options.
This command takes no arguments.
This command returns a list to
stdout of PAM application rights defined in the currently selected zone. Each entry contains the following fields, separated by colons (:):
- The name of the PAM access right followed by a slash (/) and the zone in which the PAM access right is defined.
- The name of one or more PAM applications to which the right applies.
- Text describing the PAM application object.
This example returns a list of PAM application access rights for the selected zone (the following is a subset of the default predefined rights):
dzssh-all/global : dzssh-* : All of ssh services dzssh-exec/global : dzssh-exec : Command execution dzssh-scp/global : dzssh-scp : scp dzssh-sftp/global : dzssh-sftp : sftp dzssh-shell/global : dzssh-shell : Terminal tty/pty dzssh-tunnel/global : dzssh-tunnel : Tunnel device forwarding dzssh-X11-forwarding/global : dzssh-x11-forwarding : X11 forwarding login-all/global : * : Predefined global PAM permission. Do not delete.
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a PAM application object:
- get_pam_apps returns a Tcl list of PAM applications in the current zone.
- new_pam_app creates a new PAM application and stores it in memory.
- select_pam_app retrieves a PAM application from Active Directory and stores it in memory.
After you have a PAM application object stored in memory, you can use the following commands to work with that PAM application:
- delete_pam_app deletes the selected PAM application from Active Directory and from memory.
- get_pam_field reads a field value from the currently selected PAM application.
- save_pam_app saves the selected PAM application with its current settings to Active Directory.
- set_pam_field sets a field value in the currently selected PAM application.