mirrors/linux-pam
0
0
Fork 0
mirror of https://github.com/linux-pam/linux-pam.git synced 2024-11-23 09:43:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
master
linux-pam/doc/man/pam_sm_setcred.3.xml
Stefan Schubert cf2fc5ff7b doc: Update PAM documentation from DockBook 4 to DocBook 5 
Changed files
--------------

Make.xml.rules.in:
- Using RNG file instead of DTD file for checking XML files.
- Taking the correct stylesheet for README files.

doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
- Using RNG file instead of DTD file for checking XML files.

configure.ac:
- Adding a new option for selecting RNG check file (-enable-docbook-rng)
- Switching stylesheets to docbook 5
- Checking DocBook 5 environment instead of DocBook 4 environment

*.xml:
Update from DockBook 4 to DocBook 5
2022-12-16 10:31:37 +01:00

182 lines
6.1 KiB
XML
Raw Permalink Blame History

<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_sm_setcred">
<refmeta>
<refentrytitle>pam_sm_setcred</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class="source">Linux-PAM</refmiscinfo>
<refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv xml:id="pam_sm_setcred-name">
<refname>pam_sm_setcred</refname>
<refpurpose>PAM service function to alter credentials</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis xml:id="pam_sm_setcred-synopsis">
<funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_sm_setcred</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>int <parameter>flags</parameter></paramdef>
<paramdef>int <parameter>argc</parameter></paramdef>
<paramdef>const char **<parameter>argv</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 xml:id="pam_sm_setcred-description">
<title>DESCRIPTION</title>
<para>
The <function>pam_sm_setcred</function> function is the service
module's implementation of the
<citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> interface.
</para>
<para>
This function performs the task of altering the credentials of the
user with respect to the corresponding authorization
scheme. Generally, an authentication module may have access to more
information about a user than their authentication token. This
function is used to make such information available to the
application. It should only be called <emphasis>after</emphasis> the
user has been authenticated but before a session has been established.
</para>
<para>
Valid flags, which may be logically OR'd with
<emphasis>PAM_SILENT</emphasis>, are:
</para>
<variablelist>
<varlistentry>
<term>PAM_SILENT</term>
<listitem>
<para>
Do not emit any messages.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_ESTABLISH_CRED</term>
<listitem>
<para>Initialize the credentials for the user.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_DELETE_CRED</term>
<listitem>
<para>
Delete the credentials associated with the authentication service.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_REINITIALIZE_CRED</term>
<listitem>
<para>
Reinitialize the user credentials.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_REFRESH_CRED</term>
<listitem>
<para>
Extend the lifetime of the user credentials.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The way the <emphasis remap="B">auth</emphasis> stack is
navigated in order to evaluate the <function>pam_setcred</function>()
function call, independent of the <function>pam_sm_setcred</function>()
return codes, is exactly the same way that it was navigated when
evaluating the <function>pam_authenticate</function>() library
call. Typically, if a stack entry was ignored in evaluating
<function>pam_authenticate</function>(), it will be ignored when
libpam evaluates the <function>pam_setcred</function>() function
call. Otherwise, the return codes from each module specific
<function>pam_sm_setcred</function>() call are treated as
<emphasis remap="B">required</emphasis>.
</para>
</refsect1>
<refsect1 xml:id="pam_sm_setcred-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_CRED_UNAVAIL</term>
<listitem>
<para>
This module cannot retrieve the user's credentials.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CRED_EXPIRED</term>
<listitem>
<para>
The user's credentials have expired.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CRED_ERR</term>
<listitem>
<para>
This module was unable to set the credentials of the user.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The user credential was successfully set.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
The user is not known to this authentication module.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will
typically lead to the credential stack <emphasis>failing</emphasis>.
The first such error will dominate in the return value of
<function>pam_setcred</function>().
</para>
</refsect1>
<refsect1 xml:id="pam_sm_setcred-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
Reference in New Issue View Git Blame Copy Permalink