1PAM_SM_SETCRED(3)              Linux-PAM Manual              PAM_SM_SETCRED(3)
2
3
4

NAME

6       pam_sm_setcred - PAM service function to alter credentials
7

SYNOPSIS

9       #include <security/pam_modules.h>
10
11       int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
12                          const char **argv);
13

DESCRIPTION

15       The pam_sm_setcred function is the service module's implementation of
16       the pam_setcred(3) interface.
17
18       This function performs the task of altering the credentials of the user
19       with respect to the corresponding authorization scheme. Generally, an
20       authentication module may have access to more information about a user
21       than their authentication token. This function is used to make such
22       information available to the application. It should only be called
23       after the user has been authenticated but before a session has been
24       established.
25
26       Valid flags, which may be logically OR'd with PAM_SILENT, are:
27
28       PAM_SILENT
29           Do not emit any messages.
30
31       PAM_ESTABLISH_CRED
32           Initialize the credentials for the user.
33
34       PAM_DELETE_CRED
35           Delete the credentials associated with the authentication service.
36
37       PAM_REINITIALIZE_CRED
38           Reinitialize the user credentials.
39
40       PAM_REFRESH_CRED
41           Extend the lifetime of the user credentials.
42
43       The way the auth stack is navigated in order to evaluate the
44       pam_setcred() function call, independent of the pam_sm_setcred() return
45       codes, is exactly the same way that it was navigated when evaluating
46       the pam_authenticate() library call. Typically, if a stack entry was
47       ignored in evaluating pam_authenticate(), it will be ignored when
48       libpam evaluates the pam_setcred() function call. Otherwise, the return
49       codes from each module specific pam_sm_setcred() call are treated as
50       required.
51

RETURN VALUES

53       PAM_CRED_UNAVAIL
54           This module cannot retrieve the user's credentials.
55
56       PAM_CRED_EXPIRED
57           The user's credentials have expired.
58
59       PAM_CRED_ERR
60           This module was unable to set the credentials of the user.
61
62       PAM_SUCCESS
63           The user credential was successfully set.
64
65       PAM_USER_UNKNOWN
66           The user is not known to this authentication module.
67
68       These, non-PAM_SUCCESS, return values will typically lead to the
69       credential stack failing. The first such error will dominate in the
70       return value of pam_setcred().
71

SEE ALSO

73       pam(3), pam_authenticate(3), pam_setcred(3), pam_sm_authenticate(3),
74       pam_strerror(3), PAM(8)
75
76
77
78Linux-PAM Manual                  09/03/2021                 PAM_SM_SETCRED(3)
Impressum