Manpages - pam_sm_setcred.3

Table of Contents

Home DTOS Other Projects Knowledge Base Linux Manpages Community Contribute

NAME

pam_sm_setcred - PAM service function to alter credentials

SYNOPSIS

  #include <security/pam_modules.h>

int pam_sm_setcred(pam_handle_t **/pamh/, int flags, int argc, const char **/argv/);*

DESCRIPTION

The pam_sm_setcred function is the service modules implementation of the *pam_setcred*(3) interface.

This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called after the user has been authenticated but before a session has been established.

Valid flags, which may be logically ORd with PAM_SILENT, are:

PAM_SILENT

Do not emit any messages.

PAM_ESTABLISH_CRED

Initialize the credentials for the user.

PAM_DELETE_CRED

Delete the credentials associated with the authentication service.

PAM_REINITIALIZE_CRED

Reinitialize the user credentials.

PAM_REFRESH_CRED

Extend the lifetime of the user credentials.

The way the auth stack is navigated in order to evaluate the pam_setcred*() function call, independent of the *pam_sm_setcred*() return codes, is exactly the same way that it was navigated when evaluating the *pam_authenticate*() library call. Typically, if a stack entry was ignored in evaluating *pam_authenticate*(), it will be ignored when libpam evaluates the *pam_setcred*() function call. Otherwise, the return codes from each module specific *pam_sm_setcred*() call are treated as *required.

RETURN VALUES

PAM_CRED_UNAVAIL

This module cannot retrieve the users credentials.

PAM_CRED_EXPIRED

The users credentials have expired.

PAM_CRED_ERR

This module was unable to set the credentials of the user.

PAM_SUCCESS

The user credential was successfully set.

PAM_USER_UNKNOWN

The user is not known to this authentication module.

These, non-PAM_SUCCESS, return values will typically lead to the credential stack failing. The first such error will dominate in the return value of *pam_setcred*().

SEE ALSO

*pam*(3), *pam_authenticate*(3), *pam_setcred*(3), *pam_sm_authenticate*(3), *pam_strerror*(3), *PAM*(8)

Author: dt

Created: 2022-02-20 Sun 18:45