1PAM_SM_SETCRED(3) Linux-PAM Manual PAM_SM_SETCRED(3)
2
3
4
6 pam_sm_setcred - PAM service function to alter credentials
7
9 #define PAM_SM_AUTH
10
11 #include <security/pam_modules.h>
12
13 PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
14 const char **argv);
15
17 The pam_sm_setcred function is the service module´s implementation of
18 the pam_setcred(3) interface.
19
20 This function performs the task of altering the credentials of the user
21 with respect to the corresponding authorization scheme. Generally, an
22 authentication module may have access to more information about a user
23 than their authentication token. This function is used to make such
24 information available to the application. It should only be called
25 after the user has been authenticated but before a session has been
26 established.
27
28 Valid flags, which may be logically OR´d with PAM_SILENT, are:
29
30 PAM_SILENT
31 Do not emit any messages.
32
33 PAM_ESTABLISH_CRED
34 Initialize the credentials for the user.
35
36 PAM_DELETE_CRED
37 Delete the credentials associated with the authentication service.
38
39 PAM_REINITIALIZE_CRED
40 Reinitialize the user credentials.
41
42 PAM_REFRESH_CRED
43 Extend the lifetime of the user credentials.
44
45 The way the auth stack is navigated in order to evaluate the
46 pam_setcred() function call, independent of the pam_sm_setcred() return
47 codes, is exactly the same way that it was navigated when evaluating
48 the pam_authenticate() library call. Typically, if a stack entry was
49 ignored in evaluating pam_authenticate(), it will be ignored when
50 libpam evaluates the pam_setcred() function call. Otherwise, the return
51 codes from each module specific pam_sm_setcred() call are treated as
52 required.
53
55 PAM_CRED_UNAVAIL
56 This module cannot retrieve the user´s credentials.
57
58 PAM_CRED_EXPIRED
59 The user´s credentials have expired.
60
61 PAM_CRED_ERR
62 This module was unable to set the credentials of the user.
63
64 PAM_SUCCESS
65 The user credential was successfully set.
66
67 PAM_USER_UNKNOWN
68 The user is not known to this authentication module.
69
70 These, non-PAM_SUCCESS, return values will typically lead to the
71 credential stack failing. The first such error will dominate in the
72 return value of pam_setcred().
73
75 pam(3), pam_authenticate(3), pam_setcred(3), pam_sm_authenticate(3),
76 pam_strerror(3), PAM(8)
77
78
79
80Linux-PAM Manual 03/02/2009 PAM_SM_SETCRED(3)