diff options
Diffstat (limited to 'doc/man/pam_set_item.3')
-rw-r--r-- | doc/man/pam_set_item.3 | 340 |
1 files changed, 340 insertions, 0 deletions
diff --git a/doc/man/pam_set_item.3 b/doc/man/pam_set_item.3 new file mode 100644 index 00000000..0935fe1b --- /dev/null +++ b/doc/man/pam_set_item.3 @@ -0,0 +1,340 @@ +.\" Title: pam_set_item +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> +.\" Date: 10/27/2010 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_SET_ITEM" "3" "10/27/2010" "Linux-PAM Manual" "Linux-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * (re)Define some macros +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" toupper - uppercase a string (locale-aware) +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de toupper +.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ +\\$* +.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" SH-xref - format a cross-reference to an SH section +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de SH-xref +.ie n \{\ +.\} +.toupper \\$* +.el \{\ +\\$* +.\} +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" SH - level-one heading that works better for non-TTY output +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de1 SH +.\" put an extra blank line of space above the head in non-TTY output +.if t \{\ +.sp 1 +.\} +.sp \\n[PD]u +.nr an-level 1 +.set-an-margin +.nr an-prevailing-indent \\n[IN] +.fi +.in \\n[an-margin]u +.ti 0 +.HTML-TAG ".NH \\n[an-level]" +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +\." make the size of the head bigger +.ps +3 +.ft B +.ne (2v + 1u) +.ie n \{\ +.\" if n (TTY output), use uppercase +.toupper \\$* +.\} +.el \{\ +.nr an-break-flag 0 +.\" if not n (not TTY), use normal case (not uppercase) +\\$1 +.in \\n[an-margin]u +.ti 0 +.\" if not n (not TTY), put a border/line under subheading +.sp -.6 +\l'\n(.lu' +.\} +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" SS - level-two heading that works better for non-TTY output +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de1 SS +.sp \\n[PD]u +.nr an-level 1 +.set-an-margin +.nr an-prevailing-indent \\n[IN] +.fi +.in \\n[IN]u +.ti \\n[SN]u +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.ps \\n[PS-SS]u +\." make the size of the head bigger +.ps +2 +.ft B +.ne (2v + 1u) +.if \\n[.$] \&\\$* +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" BB/BE - put background/screen (filled box) around block of text +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de BB +.if t \{\ +.sp -.5 +.br +.in +2n +.ll -2n +.gcolor red +.di BX +.\} +.. +.de EB +.if t \{\ +.if "\\$2"adjust-for-leading-newline" \{\ +.sp -1 +.\} +.br +.di +.in +.ll +.gcolor +.nr BW \\n(.lu-\\n(.i +.nr BH \\n(dn+.5v +.ne \\n(BHu+.5v +.ie "\\$2"adjust-for-leading-newline" \{\ +\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] +.\} +.el \{\ +\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] +.\} +.in 0 +.sp -.5v +.nf +.BX +.in +.sp .5v +.fi +.\} +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" BM/EM - put colored marker in margin next to block of text +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de BM +.if t \{\ +.br +.ll -2n +.gcolor red +.di BX +.\} +.. +.de EM +.if t \{\ +.br +.di +.ll +.gcolor +.nr BH \\n(dn +.ne \\n(BHu +\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] +.in 0 +.nf +.BX +.in +.fi +.\} +.. +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "Name" +pam_set_item \- set and update PAM informations +.SH "Synopsis" +.sp +.ft B +.fam C +.ps -1 +.nf +#include <security/pam_modules\&.h> +.fi +.fam +.ps +1 +.ft +.fam C +.HP \w'int\ pam_set_item('u +.BI "int pam_set_item(pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ *" "item" ");" +.fam +.SH "DESCRIPTION" +.PP +The +\fBpam_set_item\fR +function allows applications and PAM service modules to access and to update PAM informations of +\fIitem_type\fR\&. For this a copy of the object pointed to by the +\fIitem\fR +argument is created\&. The following +\fIitem_type\fRs are supported: +.PP +PAM_SERVICE +.RS 4 +The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&. +.RE +.PP +PAM_USER +.RS 4 +The username of the entity under whose identity service will be given\&. That is, following authentication, +\fIPAM_USER\fR +identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of +\fIPAM_USER\fR +after each call to a PAM function\&. +.RE +.PP +PAM_USER_PROMPT +.RS 4 +The string used when prompting for a user\'s name\&. The default value for this string is a localized version of "login: "\&. +.RE +.PP +PAM_TTY +.RS 4 +The terminal name: prefixed by +\FC/dev/\F[] +if it is a device file; for graphical, X\-based, applications the value for this item should be the +\fI$DISPLAY\fR +variable\&. +.RE +.PP +PAM_RUSER +.RS 4 +The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&. +.sp +Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&. +.sp + +\fIPAM_RUSER@PAM_RHOST\fR +should always identify the requesting user\&. In some cases, +\fIPAM_RUSER\fR +may be NULL\&. In such situations, it is unclear who the requesting entity is\&. +.RE +.PP +PAM_RHOST +.RS 4 +The requesting hostname (the hostname of the machine from which the +\fIPAM_RUSER\fR +entity is requesting service)\&. That is +\fIPAM_RUSER@PAM_RHOST\fR +does identify the requesting user\&. In some applications, +\fIPAM_RHOST\fR +may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&. +.RE +.PP +PAM_AUTHTOK +.RS 4 +The authentication token (often a password)\&. This token should be ignored by all module functions besides +\fBpam_sm_authenticate\fR(3) +and +\fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&. +.RE +.PP +PAM_OLDAUTHTOK +.RS 4 +The old authentication token\&. This token should be ignored by all module functions except +\fBpam_sm_chauthtok\fR(3)\&. +.RE +.PP +PAM_CONV +.RS 4 +The pam_conv structure\&. See +\fBpam_conv\fR(3)\&. +.RE +.PP +The following additional items are specific to Linux\-PAM and should not be used in portable applications: +.PP +PAM_FAIL_DELAY +.RS 4 +A function pointer to redirect centrally managed failure delays\&. See +\fBpam_fail_delay\fR(3)\&. +.RE +.PP +PAM_XDISPLAY +.RS 4 +The name of the X display\&. For graphical, X\-based applications the value for this item should be the +\fI$DISPLAY\fR +variable\&. This value may be used independently of +\fIPAM_TTY\fR +for passing the name of the display\&. +.RE +.PP +PAM_XAUTHDATA +.RS 4 +A pointer to a structure containing the X authentication data required to make a connection to the display specified by +\fIPAM_XDISPLAY\fR, if such information is necessary\&. See +\fBpam_xauth_data\fR(3)\&. +.RE +.PP +PAM_AUTHTOK_TYPE +.RS 4 +The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word +\fIUNIX\fR +can be replaced with this item, by default it is empty\&. This item is used by +\fBpam_get_authtok\fR(3)\&. +.RE +.PP +For all +\fIitem_type\fRs, other than PAM_CONV and PAM_FAIL_DELAY, +\fIitem\fR +is a pointer to a <NUL> terminated character string\&. In the case of PAM_CONV, +\fIitem\fR +points to an initialized +\fIpam_conv\fR +structure\&. In the case of PAM_FAIL_DELAY, +\fIitem\fR +is a function pointer: +\fBvoid (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr)\fR +.PP +Both, PAM_AUTHTOK and PAM_OLDAUTHTOK, will be reseted before returning to the application\&. Which means an application is not able to access the authentication tokens\&. +.SH "RETURN VALUES" +.PP +PAM_BAD_ITEM +.RS 4 +The application attempted to set an undefined or inaccessible item\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Data was successful updated\&. +.RE +.PP +PAM_SYSTEM_ERR +.RS 4 +The +\fIpam_handle_t\fR +passed as first argument was invalid\&. +.RE +.SH "SEE ALSO" +.PP + +\fBpam_get_item\fR(3), +\fBpam_strerror\fR(3) |