The pam_setcred
function is
used to establish, maintain and delete the credentials of a
user. It should be called to set the credentials after a user
has been authenticated and before a session is opened for the
user (with pam_open_session(3)). The
credentials should be deleted after the session has been
closed (with pam_close_session(3)).
A credential is something that the user possesses. It is some property, such as a Kerberos ticket, or a supplementary group membership that make up the uniqueness of a given user. On a Linux system the user's UID and GID's are credentials too. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example, initgroups(2) (or equivalent) should have been performed.
Valid flags, any
one of which, may be logically OR'd with PAM_SILENT
, are:
Initialize the credentials for the user.
Delete the user's credentials.
Fully reinitialize the user's credentials.
Extend the lifetime of the existing credentials.
Memory buffer error.
Failed to set user credentials.
User credentials are expired.
Failed to retrieve user credentials.
Data was successful stored.
A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occured.
User is not known to an authentication module.
pam_authenticate(3), pam_open_session(3), pam_close_session(3), pam_strerror(3)
See Linux-PAM copyright notice for more information.
|