set_pam_field

Use the set_pam_field command to set the value for a specified field in the currently selected PAM application right stored in memory. The set_pam_field command does not set a field value stored in Active Directory for this PAM application right.

If you change any fields, you must save the PAM application right using the save_pam_app command for your changes to take effect in Active Directory. If you select another PAM application right or end the ADEdit session before saving the currently selected PAM application right, your changes will be lost.

You can only use the set_pam_field command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical

Syntax

set_pam_field field value

Abbreviation

spf

Options

This command takes no options.

Arguments

This command takes the following arguments:

Argument Type Description

field

string

Required. Specifies the name of the field that you want to set. The possible values are:

  • application: The name of the PAM application that is allowed to use the adclient PAM authentication service. The name can be literal, or it can contain ? or * wildcard characters to specify multiple applications.
  • description: Text describing the PAM application.

Note that in a classic zone, setting the application field changes the name of the PAM application right. For example, assume you create a new PAM application right in a classic zone using a command like this:

new_pam_app myftp

If you then use this command to set the application field like this:

set_pam_field application newftp

The PAM application right itself will be renamed. If you were to use the list_pam_apps command after running the set_pam_field command, the right would be returned as newftp:

list_pam_apps

newftp : Renamed application right

value

 

Required. Specifies the value to assign to the specified field.

In most cases, you can assign an empty string to unset a field value.

Return value

This command returns nothing if it runs successfully.

Examples

set_pam_field application *

This example sets the application field for the current PAM application right to allow PAM access rights to all applications (* is the wildcard for all possible strings).

Related commands

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select PAM application rights:

  • get_pam_apps returns a Tcl list of PAM application rights in the current zone.
  • list_pam_apps lists to stdout the PAM application rights in the currently selected zone.
  • new_pam_app creates a new PAM application right and stores it in memory.
  • select_pam_app retrieves a PAM application right from Active Directory and stores it in memory.

After you have a PAM application right stored in memory, you can use the following commands to work with that PAM application right:

  • delete_pam_app deletes the selected PAM application right from Active Directory and from memory.
  • get_pam_field reads a field value from the currently selected PAM application right.
  • save_pam_app saves the selected PAM application right with its current settings to Active Directory.