int
pam_acct_mgmt(
pam_handle_t *pamh
, int flags
)
int
pam_authenticate(
pam_handle_t *pamh
, int flags
)
int
pam_chauthtok(
pam_handle_t *pamh
, int flags
)
int
pam_close_session(
pam_handle_t *pamh
, int flags
)
int
pam_end(
pam_handle_t *pamh
, int status
)
int
pam_get_data(
const pam_handle_t *pamh
, const char *module_data_name
, const void **data
)
int
pam_get_item(
const pam_handle_t *pamh
, int item_type
, const void **item
)
int
pam_get_user(
pam_handle_t *pamh
, const char **user
, const char *prompt
)
const char *
pam_getenv(
pam_handle_t *pamh
, const char *name
)
char **
pam_getenvlist(
pam_handle_t *pamh
)
int
pam_open_session(
pam_handle_t *pamh
, int flags
)
int
pam_putenv(
pam_handle_t *pamh
, const char *namevalue
)
int
pam_set_data(
pam_handle_t *pamh
, const char *module_data_name
, void *data
)void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)
int
pam_set_item(
pam_handle_t *pamh
, int item_type
, const void *item
)
int
pam_setcred(
pam_handle_t *pamh
, int flags
)
int
pam_start(
const char *service
, const char *user
, const struct pam_conv *pam_conv
, pam_handle_t **pamh
)
const char *
pam_strerror(
const pam_handle_t *pamh
, int error_number
)
The user requesting authentication is called the applicant, while the user (usually, root) charged with verifying his identity and granting him the requested credentials is called the arbitrator.
The sequence of operations the server goes through to authenticate a user and perform whatever task he requested is a PAM transaction; the context within which the server performs the requested task is called a session.
The functionality embodied by PAM is divided into six primitives grouped into four facilities: authentication, account management, session management and password management.
)
function initializes the PAM library and returns a handle which must
be provided in all subsequent function calls.
The transaction state is contained entirely within the structure
identified by this handle, so it is possible to conduct multiple
transactions in parallel.
The
pam_end()
function releases all resources associated with the specified context,
and can be called at any time to terminate a PAM transaction.
)
and
pam_get_item(
)
functions set and retrieve a number of predefined items, including the
service name, the names of the requesting and target users, the
conversation function, and prompts.
The
pam_set_data()
and
pam_get_data(
)
functions manage named chunks of free-form data, generally used by
modules to store state from one invocation to another.
)
and
pam_setcred(
).
The former authenticates the user, while the latter manages his
credentials.
)
function enforces policies such as password expiry, account expiry,
time-of-day restrictions, and so forth.
)
and
pam_close_session(
)
functions handle session setup and teardown.
)
function allows the server to change the user's password, either at
the user's request or because the password has expired.
),
pam_getenv(
)
and
pam_getenvlist(
)
functions manage a private environment list in which modules can set
environment variables they want the server to export during the
session.
The
pam_strerror()
function returns a pointer to a string describing the specified PAM
error code.
PAM_ABORT
]
PAM_ACCT_EXPIRED
]
PAM_AUTHINFO_UNAVAIL
]
PAM_AUTHTOK_DISABLE_AGING
]
PAM_AUTHTOK_ERR
]
PAM_AUTHTOK_EXPIRED
]
PAM_AUTHTOK_LOCK_BUSY
]
PAM_AUTHTOK_RECOVERY_ERR
]
PAM_AUTH_ERR
]
PAM_BUF_ERR
]
PAM_CONV_ERR
]
PAM_CRED_ERR
]
PAM_CRED_EXPIRED
]
PAM_CRED_INSUFFICIENT
]
PAM_CRED_UNAVAIL
]
PAM_DOMAIN_UNKNOWN
]
PAM_IGNORE
]
PAM_MAXTRIES
]
PAM_MODULE_UNKNOWN
]
PAM_NEW_AUTHTOK_REQD
]
PAM_NO_MODULE_DATA
]
PAM_OPEN_ERR
]
PAM_PERM_DENIED
]
PAM_SERVICE_ERR
]
PAM_SESSION_ERR
]
PAM_SUCCESS
]
PAM_SYMBOL_ERR
]
PAM_SYSTEM_ERR
]
PAM_TRY_AGAIN
]
PAM_USER_UNKNOWN
]