NAME
pam_setcred — modify/delete user credentials for an authentication service
SYNOPSIS
cc
[ flag ... ] file ...
-lpam
[ library ... ]
#include <security/pam_appl.h>
int pam_setcred(pam_handle_t *pamh,
int flags);
DESCRIPTION
pam_setcred()
is used to establish, modify, or delete user credentials.
pam_setcred()
is typically called after the user has been authenticated
and after a session has been opened (refer to
pam_authenticate(3),
pam_acct_mgmt(3),
and
pam_open_session(3)).
The user is specified by a prior call to
pam_start()
or
pam_set_item(),
and is referenced by the authentication handle,
pamh.
The following flags may be set in the
flags
field. Note that the first four flags are mutually exclusive:
- PAM_ESTABLISH_CRED
Set user credentials for an authentication service.
- PAM_DELETE_CRED
Delete user credentials associated with an authentication service.
- PAM_REINITIALIZE_CRED
Reinitialize user credentials.
- PAM_REFRESH_CRED
Extend lifetime of user credentials.
- PAM_SILENT
Authentication service should not generate any messages.
If none of the flags are set,
PAM_ESTABLISH_CRED
is used as the default.
APPLICATION USAGE
Refer to
pam(3)
for information on thread-safety of PAM interfaces.
RETURN VALUES
Upon success,
pam_setcred()
returns
PAM_SUCCESS.
In addition to the error return values described in
pam(3),
the following values may be returned upon error:
- PAM_CRED_UNAVAIL
Underlying authentication service can not retrieve user credentials unavailable.
- PAM_CRED_EXPIRED
User credentials expired.
- PAM_USER_UNKNOWN
User unknown to underlying authentication service.
- PAM_CRED_ERR
Failure setting user credentials.