The pam_wrapper library

A tool to test PAM applications and PAM modules

Clone with git ยท Report a bug

This component of cwrap allows you to either test your PAM (Linux-PAM and OpenPAM) application or module. For testing PAM applications we have written a simple PAM module called pam_matrix (see below). If you plan to test a PAM module you can use the pamtest library we have implemented. It simplifies testing of modules. You can combine it with the cmocka unit testing framework or you can use the provided Python bindings to write tests for your module in Python.


  • Allows you to test PAM actions such as user logins in applications.
  • Simplifies testing of PAM modules.
  • Provides a C library and python bindings to write simpler tests with less code

Detailed descriptions

  • If you load the pam_wrapper and enable it with setting PAM_WRAPPER=1 all PAM functions like pam_start() and pam_authenticate() calls will work, even as a normal user.
  • You have to specify your directory with service files using PAM_WRAPPER_SERVICE_DIR.
  • Enable debugging of pam_wrapper itself by setting the PAM_WRAPPER_DEBUGLEVEL variable.


Testing PAM application often requires to set up an authentication backend with as little effort as possible. The pam_matrix module allows to authenticate against a key-value text file, provided by an option or with an environment variable.