diff options
Diffstat (limited to 'doc/man/pam_sm_setcred.3.xml')
| -rw-r--r-- | doc/man/pam_sm_setcred.3.xml | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml new file mode 100644 index 00000000..e4809ad7 --- /dev/null +++ b/doc/man/pam_sm_setcred.3.xml @@ -0,0 +1,179 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_setcred'> + <refmeta> + <refentrytitle>pam_sm_setcred</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_setcred-name"> + <refname>pam_sm_setcred</refname> + <refpurpose>PAM service function to alter credentials</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv> + <funcsynopsis id='pam_sm_setcred-synopsis'> + <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_setcred</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_setcred-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_setcred</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function performs the task of altering the credentials of the + user with respect to the corresponding authorization + scheme. Generally, an authentication module may have access to more + information about a user than their authentication token. This + function is used to make such information available to the + application. It should only be called <emphasis>after</emphasis> the + user has been authenticated but before a session has been established. + </para> + <para> + Valid flags, which may be logically OR'd with + <emphasis>PAM_SILENT</emphasis>, are: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_DELETE_CRED</term> + <listitem> + <para> + Delete the credentials associated with the authentication service. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_REINITIALIZE_CRED</term> + <listitem> + <para> + Reinitialize the user credentials. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_REFRESH_CRED</term> + <listitem> + <para> + Extend the lifetime of the user credentials. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + The way the <emphasis remap='B'>auth</emphasis> stack is + navigated in order to evaluate the <function>pam_setcred</function>() + function call, independent of the <function>pam_sm_setcred</function>() + return codes, is exactly the same way that it was navigated when + evaluating the <function>pam_authenticate</function>() library + call. Typically, if a stack entry was ignored in evaluating + <function>pam_authenticate</function>(), it will be ignored when + libpam evaluates the <function>pam_setcred</function>() function + call. Otherwise, the return codes from each module specific + <function>pam_sm_setcred</function>() call are treated as + <emphasis remap='B'>required</emphasis>. + </para> + </refsect1> + + <refsect1 id="pam_sm_setcred-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_CRED_UNAVAIL</term> + <listitem> + <para> + This module cannot retrieve the user's credentials. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_EXPIRED</term> + <listitem> + <para> + The user's credentials have expired. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_ERR</term> + <listitem> + <para> + This module was unable to set the credentials of the user. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The user credential was successfully set. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + The user is not known to this authentication module. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will + typically lead to the credential stack <emphasis>failing</emphasis>. + The first such error will dominate in the return value of + <function>pam_setcred</function>(). + </para> + </refsect1> + + <refsect1 id='pam_sm_setcred-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> |