pam_sm_setcred
3
Linux-PAM
Linux-PAM Manual
pam_sm_setcred
PAM service function to alter credentials
#include <security/pam_modules.h>
int pam_sm_setcred
pam_handle_t *pamh
int flags
int argc
const char **argv
DESCRIPTION
The pam_sm_setcred function is the service
module's implementation of the
pam_setcred3
interface.
This function performs the task of altering the credentials of the
user with respect to the corresponding authorization
scheme. Generally, an authentication module may have access to more
information about a user than their authentication token. This
function is used to make such information available to the
application. It should only be called after the
user has been authenticated but before a session has been established.
Valid flags, which may be logically OR'd with
PAM_SILENT, are:
PAM_SILENT
Do not emit any messages.
PAM_ESTABLISH_CRED
Initialize the credentials for the user.
PAM_DELETE_CRED
Delete the credentials associated with the authentication service.
PAM_REINITIALIZE_CRED
Reinitialize the user credentials.
PAM_REFRESH_CRED
Extend the lifetime of the user credentials.
The way the auth stack is
navigated in order to evaluate the pam_setcred()
function call, independent of the pam_sm_setcred()
return codes, is exactly the same way that it was navigated when
evaluating the pam_authenticate() library
call. Typically, if a stack entry was ignored in evaluating
pam_authenticate(), it will be ignored when
libpam evaluates the pam_setcred() function
call. Otherwise, the return codes from each module specific
pam_sm_setcred() call are treated as
required.
RETURN VALUES
PAM_CRED_UNAVAIL
This module cannot retrieve the user's credentials.
PAM_CRED_EXPIRED
The user's credentials have expired.
PAM_CRED_ERR
This module was unable to set the credentials of the user.
PAM_SUCCESS
The user credential was successfully set.
PAM_USER_UNKNOWN
The user is not known to this authentication module.
These, non-PAM_SUCCESS, return values will
typically lead to the credential stack failing.
The first such error will dominate in the return value of
pam_setcred().
SEE ALSO
pam3
,
pam_authenticate3
,
pam_setcred3
,
pam_sm_authenticate3
,
pam_strerror3
,
PAM8