pam_setcred(3) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | SEE ALSO | COLOPHON

PAM_SETCRED(3)              Linux-PAM Manual              PAM_SETCRED(3)

NAME         top

       pam_setcred - establish / delete user credentials

SYNOPSIS         top

       #include <security/pam_appl.h>

       int pam_setcred(pam_handle_t *pamh, int flags);

DESCRIPTION         top

       The pam_setcred function is used to establish, maintain and
       delete the credentials of a user. It should be called to set the
       credentials after a user has been authenticated and before a
       session is opened for the user (with pam_open_session(3)). The
       credentials should be deleted after the session has been closed
       (with pam_close_session(3)).

       A credential is something that the user possesses. It is some
       property, such as a Kerberos ticket, or a supplementary group
       membership that make up the uniqueness of a given user. On a
       Linux system the user's UID and GID's are credentials too.
       However, it has been decided that these properties (along with
       the default supplementary groups of which the user is a member)
       are credentials that should be set directly by the application
       and not by PAM. Such credentials should be established, by the
       application, prior to a call to this function. For example,
       initgroups(2) (or equivalent) should have been performed.

       Valid flags, any one of which, may be logically OR'd with
       PAM_SILENT, are:

       PAM_ESTABLISH_CRED
           Initialize the credentials for the user.

       PAM_DELETE_CRED
           Delete the user's credentials.

       PAM_REINITIALIZE_CRED
           Fully reinitialize the user's credentials.

       PAM_REFRESH_CRED
           Extend the lifetime of the existing credentials.

RETURN VALUES         top

       PAM_BUF_ERR
           Memory buffer error.

       PAM_CRED_ERR
           Failed to set user credentials.

       PAM_CRED_EXPIRED
           User credentials are expired.

       PAM_CRED_UNAVAIL
           Failed to retrieve user credentials.

       PAM_SUCCESS
           Data was successful stored.

       PAM_SYSTEM_ERR
           A NULL pointer was submitted as PAM handle, the function was
           called by a module or another system error occurred.

       PAM_USER_UNKNOWN
           User is not known to an authentication module.

SEE ALSO         top

       pam_authenticate(3), pam_open_session(3), pam_close_session(3),
       pam_strerror(3)

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication
       Modules for Linux) project.  Information about the project can be
       found at ⟨http://www.linux-pam.org/⟩.  If you have a bug report
       for this manual page, see ⟨//www.linux-pam.org/⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨https://github.com/linux-pam/linux-pam.git⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-18.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

Linux-PAM Manual               12/22/2023                 PAM_SETCRED(3)

Pages that refer to this page: pam(3)pam_authenticate(3)pam_chauthtok(3)pam_sm_setcred(3)pam_filter(8)pam_keyinit(8)