|
pam_acct_mgmt(3) -- perform PAM account validation procedures
|
The function pam_acct_mgmt() is called to determine if the current user's account is valid. This includes checking for password and account expiration, as well as verifying access hour restrictions and terminal access restrictions for trusted mode. This function is typically called after the user has been authenticated with pam_authenticate(3). The pamh argument is an authentication handle obtain... |
pam_authenticate(3) -- perform authentication within the PAM framework
|
pam_authenticate() is called to authenticate the current user. The user is usually required to enter a password or similar authentication token depending upon the authentication service configured within the system. In the case of smart card authentication this token would be a PIN (Personal Identification Number). The user in question should have been specified by a prior call to pam_start() or p... |
|
pam_chauthtok(3) -- perform password related functions within the PAM framework
|
pam_chauthtok() is called to change the authentication token associated with a particular user referenced by the authentication handle, pamh. The following flag may be passed in to pam_chauthtok(): |
pam_close_session(3) -- perform PAM session creation and termination operations
|
pam_open_session() is called after a user has been successfully authenticated (refer to pam_authenticate(3) and pam_acct_mgmt(3)) and is used to notify the session modules that a new session has been initiated. All programs that use the pam(3) library should invoke pam_open_session() when beginning a new session. Upon termination of this activity, pam_close_session() should be invoked to inform pa... |
pam_end(3) -- authentication transaction routines for PAM
|
pam_start() is called to initiate an authentication transaction. pam_start() takes as arguments the name of the current service, service, the name of the user to be authenticated, user, the address of the conversation structure, pam_conv, and the address of a variable to be assigned the authentication handle, pamh. Upon successful completion, pamh will refer to a PAM handle for use with subsequent... |
pam_get_data(3) -- PAM routines to maintain module specific state
|
pam_set_data() and pam_get_data() allow PAM service modules to access and update module specific information as needed. These functions should not be used by applications. pam_set_data() stores module specific data within the PAM handle, pamh. The module_data_name argument uniquely identifies the data, and the data argument represents the actual data. module_data_name should be unique across all s... |
pam_get_item(3) -- authentication information routines for PAM
|
pam_get_item() and pam_set_item() allow applications and PAM service modules to access and update PAM information as needed. The information is specified by item_type, and can be one of the following: PAM_SERVICE The service name. PAM_USER The user name. PAM_AUTHTOK The user authentication token. PAM_OLDAUTHTOK The old user authentication token. PAM_TTY The tty name. PAM_RHOST The remote host name... |
pam_get_user(3) -- PAM routine to retrieve user name.
|
pam_get_user() is used by PAM service modules to retrieve the current user name from the PAM handle. If the user name has not been set, via pam_start() or pam_set_item(), then the PAM conversation function will be used to prompt the user for the user name with the string "prompt". If prompt is NULL, then pam_get_item() is called and the value of PAM_USER_PROMPT is used for prompting. If the valu... |
pam_open_session(3) -- perform PAM session creation and termination operations
|
pam_open_session() is called after a user has been successfully authenticated (refer to pam_authenticate(3) and pam_acct_mgmt(3)) and is used to notify the session modules that a new session has been initiated. All programs that use the pam(3) library should invoke pam_open_session() when beginning a new session. Upon termination of this activity, pam_close_session() should be invoked to inform pa... |
pam_setcred(3) -- modify/delete user credentials for an authentication service
|
pam_setcred() is used to establish, modify, or delete user credentials. pam_setcred() is typically called after the user has been authenticated and after a session has been opened (refer to pam_authenticate(3), pam_acct_mgmt(3), and pam_open_session(3)). The user is specified by a prior call to pam_start() or pam_set_item(), and is referenced by the authentication handle, pamh. The following flags... |
pam_set_data(3) -- PAM routines to maintain module specific state
|
pam_set_data() and pam_get_data() allow PAM service modules to access and update module specific information as needed. These functions should not be used by applications. pam_set_data() stores module specific data within the PAM handle, pamh. The module_data_name argument uniquely identifies the data, and the data argument represents the actual data. module_data_name should be unique across all s... |
pam_set_item(3) -- authentication information routines for PAM
|
pam_get_item() and pam_set_item() allow applications and PAM service modules to access and update PAM information as needed. The information is specified by item_type, and can be one of the following: PAM_SERVICE The service name. PAM_USER The user name. PAM_AUTHTOK The user authentication token. PAM_OLDAUTHTOK The old user authentication token. PAM_TTY The tty name. PAM_RHOST The remote host name... |
pam_sm(3) -- PAM Service Module APIs
|
PAM gives system administrators the flexibility of choosing any authentication service available on the system to perform authentication. The framework also allows new authentication service modules to be plugged in and made available without modifying the applications. The PAM framework, libpam, consists of an interface library and multiple authentication service modules. The PAM interface librar... |
pam_sm_acct_mgmt(3) -- Service provider implementation for pam_acct_mgmt
|
In response to a call to pam_acct_mgmt(3), the PAM framework calls pam_sm_acct_mgmt() from the modules listed in the pam.conf(4) file. The account management provider supplies the back-end functionality for this interface function. The applications should not call this API directly. The function, pam_sm_acct_mgmt(), determines whether the current user's account and password are valid. This includ... |
pam_sm_authenticate(3) -- Service provider implementation for pam_authenticate
|
In response to a call to pam_authenticate(3), the PAM framework calls pam_sm_authenticate() from the modules listed in the pam.conf(4) file. The authentication provider supplies the back-end functionality for this interface function. The function, pam_sm_authenticate(), is called to verify the identity of the current user. The user is usually required to enter a password or similar authentication ... |