path: root/doc/man/pam_open_session.3
diff options
authorAndrew G. Morgan <>2000-06-20 22:10:38 +0000
committerAndrew G. Morgan <>2000-06-20 22:10:38 +0000
commitea488580c42e8918445a945484de3c8a5addc761 (patch)
treec992f3ba699caafedfadc16af38e6359c3c24698 /doc/man/pam_open_session.3
Initial revision
Diffstat (limited to 'doc/man/pam_open_session.3')
1 files changed, 99 insertions, 0 deletions
diff --git a/doc/man/pam_open_session.3 b/doc/man/pam_open_session.3
new file mode 100644
index 00000000..4e63b5c4
--- /dev/null
+++ b/doc/man/pam_open_session.3
@@ -0,0 +1,99 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\" $Id$
+.\" Copyright (c) Andrew G. Morgan 1997 <>
+.TH PAM_OPEN_SESSION 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual"
+pam_open/close_session \- PAM session management
+.B #include <security/pam_appl.h>
+.BI "int pam_open_session(pam_handle_t " *pamh ", int " flags ");"
+.BI "int pam_close_session(pam_handle_t " *pamh ", int " flags ");"
+.sp 2
+PAM provides management-hooks for the initialization and termination
+of a session.
+.B pam_open_session
+Use this function to signal that an authenticated user session has
+begun. It should be called only after the user is properly identified
+and (where necessary) has been granted their credentials with
+.BR pam_authenticate "(3)"
+.BR pam_setcred "(3)"
+Some types of functions associated with session
+initialization are logging for the purposes of system-audit and
+mounting directories (the user's home directory for example). These
+should not concern the application. It should be noted that the
+.I effective
+.BR geteuid "(2),"
+of the application should be of sufficient privilege to perform such
+.B pam_close_session
+Use this function to signal that a user session has
+terminated. In general this function may not need to be located in the
+same application as the initialization function,
+.BR pam_open_session "."
+Typically, this function will undo the actions of
+.BR pam_open_session "."
+That is, log audit information concerning the end of the user session
+or unmount the user's home directory. Apart from having sufficient
+privilege the details of the session termination should not concern
+the calling application. It is good programming practice, however, to
+cease acting on behalf of the user on returning from this call.
+A successful return from the session management functions will be
+indicated with
+The specific error indicating a failure to open or close a session is
+In general other return values may be returned. They should be treated
+as indicating failure.
+May be translated to text with
+.BR pam_strerror "(3). "
+OSF-RFC 86.0, October 1995.
+.sp 2
+none known.
+.BR pam_start "(3), "
+.BR pam_authenticate "(3), "
+.BR pam_setcred "(3), "
+.BR pam_get_item "(3), "
+.BR pam_strerror "(3) "
+.BR pam "(3)."
+Also, see the three
+.BR Linux-PAM
+Guides, for
+.BR "System administrators" ", "
+.BR "module developers" ", "
+.BR "application developers" ". "