Permitted values for X are
1 and 2. These
indicate the precise time that the filter is to be run.
To understand this concept it will be useful to have read
the pam(3) manual page.
Basically, for each management group there are up to two ways
of calling the module's functions.
In the case of the authentication and
session components there are actually
two separate functions. For the case of authentication, these
functions are
pam_authenticate(3) and
pam_setcred(3), here run1 means run the
filter from the pam_authenticate function
and run2 means run the filter from
pam_setcred. In the case of the
session modules, run1 implies
that the filter is invoked at the
pam_open_session(3) stage, and run2 for
pam_close_session(3).
For the case of the account component. Either run1 or run2 may be used.
For the case of the password component, run1 is used to indicate that the filter is run on the first occasion of pam_chauthtok(3) (the PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run on the second occasion (the PAM_UPDATE_AUTHTOK phase).
The full pathname of the filter to be run and any command line arguments that the filter might expect.
The new filter was set successfully.
Critical error, immediate abort.
Add the following line to /etc/pam.d/login to
see how to configure login to transpose upper and lower case letters
once the user has logged in:
session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER