pam_sm_setcred(3) — Linux manual page


PAM_SM_SETCRED(3)           Linux-PAM Manual           PAM_SM_SETCRED(3)

NAME         top

       pam_sm_setcred - PAM service function to alter credentials

SYNOPSIS         top

       #include <security/pam_modules.h>

       int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
                          const char **argv);

DESCRIPTION         top

       The pam_sm_setcred function is the service module's
       implementation of the pam_setcred(3) interface.

       This function performs the task of altering the credentials of
       the user with respect to the corresponding authorization scheme.
       Generally, an authentication module may have access to more
       information about a user than their authentication token. This
       function is used to make such information available to the
       application. It should only be called after the user has been
       authenticated but before a session has been established.

       Valid flags, which may be logically OR'd with PAM_SILENT, are:

           Do not emit any messages.

           Initialize the credentials for the user.

           Delete the credentials associated with the authentication

           Reinitialize the user credentials.

           Extend the lifetime of the user credentials.

       The way the auth stack is navigated in order to evaluate the
       pam_setcred() function call, independent of the pam_sm_setcred()
       return codes, is exactly the same way that it was navigated when
       evaluating the pam_authenticate() library call. Typically, if a
       stack entry was ignored in evaluating pam_authenticate(), it will
       be ignored when libpam evaluates the pam_setcred() function call.
       Otherwise, the return codes from each module specific
       pam_sm_setcred() call are treated as required.

RETURN VALUES         top

           This module cannot retrieve the user's credentials.

           The user's credentials have expired.

           This module was unable to set the credentials of the user.

           The user credential was successfully set.

           The user is not known to this authentication module.

       These, non-PAM_SUCCESS, return values will typically lead to the
       credential stack failing. The first such error will dominate in
       the return value of pam_setcred().

SEE ALSO         top

       pam(3), pam_authenticate(3), pam_setcred(3),
       pam_sm_authenticate(3), pam_strerror(3), PAM(8)

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication
       Modules for Linux) project.  Information about the project can be
       found at ⟨⟩.  If you have a bug report
       for this manual page, see ⟨//⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-18.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

Linux-PAM Manual               12/22/2023              PAM_SM_SETCRED(3)

Pages that refer to this page: pam_sm_authenticate(3)PAM(8)pam_debug(8)