pam_set_item(3)

DESCRIPTION

pam_get_item() and pam_set_item() allow applications and PAM service modules to access and update PAM information as needed. The information is specified by item_type, and can be one of the following:

The item_type PAM_AUTHTOK and PAM_OLDAUTHTOK are available only to the module providers for security reasons. The authentication module, account module, and session management module should treat PAM_AUTHTOK as the current authentication token, and should ignore PAM_OLDAUTHTOK. The password management module should treat PAM_OLDAUTHTOK as the current authentication token and PAM_AUTHTOK as the new authentication token.

pam_set_item() is passed the authentication handle, pamh, returned by pam_start(), a pointer to the object, item, and its type, item_type. If successful, pam_set_item() copies the item to an internal storage area allocated by the authentication module and returns PAM_SUCCESS. An item that had been previously set will be overwritten by the new value.

pam_get_item() is passed the authentication handle, pamh, returned by pam_start(), an item_type, and the address of the pointer, item, which is assigned the address of the requested object. The object data is valid until modified by a subsequent call to pam_set_item() for the same item_type, or unless it is modified by any of the underlying service modules. If the item has not been previously set, pam_get_item() returns a NULL pointer. An item retrieved by pam_get_item() should not be modified or freed. The item will be released by pam_end().

APPLICATION USAGE

Refer to pam(3) for information on thread-safety of PAM interfaces.

RETURN VALUES

Upon success, pam_get_item() returns PAM_SUCCESS; otherwise it returns an error code. Refer to pam(3) for information on error related return values.

SEE ALSO

pam_start(3), pam_authenticate(3), pam_acct_mgmt(3), pam_open_session(3), pam_setcred(3), pam_chauthtok(3), pam_get_user(3), pam(3).