SUSE / pam-config

Tool to modify common PAM configuration files
GNU General Public License v2.0

pam-config query enhancement #26

Closed slsnow closed 6 months ago

slsnow commented 6 months ago

Currently if we want to view the pam stack configuration, I have to do something like this:

for i in auth account password session; do cat /etc/pam.d/common-$i ; done | grep -Ev "^$|^([[:space:]])?#"

Can we add some pam-config option for like query all or something like that so we can view the full currently configured pam configuration stack? Or is there already a way to do that that I'm not finding?

Thanks

thkukuk commented 6 months ago

Your command is not showing you the pam stack configuration; it's showing the content of some random include files for PAM service configuration files. There is no "the one pam stack configuration". You first need to decide for which service you want to see the stack; afterwards you need to go through that PAM service configuration file and follow all include statements. But this is out of scope for pam-config: pam-config does not manage the PAM stack for single PAM service configs, only several common include files, and the service file decides which of them it will use. So e.g. no PAM service will include common-session and common-session-nonlogin at the same time. And only a few will include postlogin-* snippets.
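The procedure described in the comment above (pick one service, read its file, follow every include) as an added example; it is not part of the thread and not pam-config code. It is a simplified reader for `type control module args` lines in which the function name `pam_stack`, the default search directories and the sample files are assumptions constructed for illustration.

```python
import os, pathlib, tempfile

def pam_stack(service, dirs=("/etc/pam.d", "/usr/lib/pam.d"), want=None, seen=()):
    """Return [(file, type, control, module + args)] for one service, includes resolved."""
    # First directory that has the file wins; a missing file raises on read.
    path = next((p for p in (os.path.join(d, service) for d in dirs)
                 if os.path.isfile(p)), os.path.join(dirs[0], service))
    if path in seen:
        raise RecursionError(f"include loop at {path}")
    text = pathlib.Path(path).read_text().replace("\\\n", " ")  # join continued lines
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)   # drop comments
        if len(fields) < 2:
            continue                                    # blank or malformed line
        typ, rest = fields[0].lstrip("-"), fields[1]    # "-type": module may be absent
        if want and typ != want:
            continue                                    # an include pulls in one type only
        if rest.startswith("["):                        # [value=action ...] control
            control, _, rest = rest.partition("]")
            control += "]"
        else:
            control, *tail = rest.split(None, 1)
            rest = tail[0] if tail else ""
        rest = rest.strip()
        if control in ("include", "substack") and rest:
            out += pam_stack(rest.split()[0], dirs, typ, seen + (path,))
        else:
            out.append((os.path.basename(path), typ, control, rest))
    return out

# Constructed sample files; names follow the thread, contents are illustrative.
SAMPLE = {
    "sshd": "auth     include  common-auth  # shared\n"
            "account  [success=ok new_authtok_reqd=ok default=bad] pam_unix.so\n"
            "session  include  common-session\n"
            "-session optional pam_systemd.so\n",
    "common-auth": "auth required pam_env.so\nauth required pam_unix.so try_first_pass\n",
    "common-session": "session required pam_limits.so\nsession optional pam_umask.so\n",
    "common-session-nonlogin": "session required pam_unix.so\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            pathlib.Path(d, name).write_text(body)
        return pam_stack("sshd", dirs=(d,))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In the sample, `common-session-nonlogin` exists on disk but never appears in the resolved `sshd` stack, which is the difference between listing the common files and viewing a service's stack.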

slsnow commented 6 months ago

Good points... couldn't pam-config still query all of the common files to display them?

thkukuk commented 6 months ago

> Good points... couldn't pam-config still query all of the common files to display them?

I still don't see a use case for this. And since pam-config has no code for this output, but quite the opposite, this would require quite some engineering effort and changes to the current internal structure, I hesitate to implement something for a questionable purpose. Especially since grep -v '#' /etc/pam.d/*-pc would do the same much quicker and simpler already today.

slsnow commented 6 months ago

No problem, thanks for the response.