pam_sm_setcred(3) — Linux manual page


PAM_SM_SETCRED(3)             Linux-PAM Manual             PAM_SM_SETCRED(3)

NAME         top

       pam_sm_setcred - PAM service function to alter credentials

SYNOPSIS         top

       #define PAM_SM_AUTH

       #include <security/pam_modules.h>

       int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
                          const char **argv);

DESCRIPTION         top

       The pam_sm_setcred function is the service module's implementation of
       the pam_setcred(3) interface.

       This function performs the task of altering the credentials of the
       user with respect to the corresponding authorization scheme.
       Generally, an authentication module may have access to more
       information about a user than their authentication token. This
       function is used to make such information available to the
       application. It should only be called after the user has been
       authenticated but before a session has been established.

       Valid flags, which may be logically OR'd with PAM_SILENT, are:

           Do not emit any messages.

           Initialize the credentials for the user.

           Delete the credentials associated with the authentication

           Reinitialize the user credentials.

           Extend the lifetime of the user credentials.

       The way the auth stack is navigated in order to evaluate the
       pam_setcred() function call, independent of the pam_sm_setcred()
       return codes, is exactly the same way that it was navigated when
       evaluating the pam_authenticate() library call. Typically, if a stack
       entry was ignored in evaluating pam_authenticate(), it will be
       ignored when libpam evaluates the pam_setcred() function call.
       Otherwise, the return codes from each module specific
       pam_sm_setcred() call are treated as required.

RETURN VALUES         top

           This module cannot retrieve the user's credentials.

           The user's credentials have expired.

           This module was unable to set the credentials of the user.

           The user credential was successfully set.

           The user is not known to this authentication module.

       These, non-PAM_SUCCESS, return values will typically lead to the
       credential stack failing. The first such error will dominate in the
       return value of pam_setcred().

SEE ALSO         top

       pam(3), pam_authenticate(3), pam_setcred(3), pam_sm_authenticate(3),
       pam_strerror(3), PAM(8)

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication Modules
       for Linux) project.  Information about the project can be found at 
       ⟨⟩.  If you have a bug report for this manual
       page, see ⟨//⟩.  This page was obtained from the
       tarball Linux-PAM-1.3.0.tar.bz2 fetched from
       ⟨⟩ on 2020-06-09.  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page, or
       you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

Linux-PAM Manual                 04/01/2016                PAM_SM_SETCRED(3)

Pages that refer to this page: pam_sm_authenticate(3)pam(8)PAM(8)pam_debug(8)