diff options
Diffstat (limited to '')
-rw-r--r-- | doc/man/pam_setcred.3 | 122 | ||||
-rw-r--r-- | doc/man/pam_setcred.3.xml | 180 |
2 files changed, 302 insertions, 0 deletions
diff --git a/doc/man/pam_setcred.3 b/doc/man/pam_setcred.3 new file mode 100644 index 0000000..893477e --- /dev/null +++ b/doc/man/pam_setcred.3 @@ -0,0 +1,122 @@ +'\" t +.\" Title: pam_setcred +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 06/08/2020 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_SETCRED" "3" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_setcred \- establish / delete user credentials +.SH "SYNOPSIS" +.sp +.ft B +.nf +#include <security/pam_appl\&.h> +.fi +.ft +.HP \w'int\ pam_setcred('u +.BI "int pam_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_setcred\fR +function is used to establish, maintain and delete the credentials of a user\&. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with +\fBpam_open_session\fR(3))\&. The credentials should be deleted after the session has been closed (with +\fBpam_close_session\fR(3))\&. +.PP +A credential is something that the user possesses\&. It is some property, such as a +\fIKerberos\fR +ticket, or a supplementary group membership that make up the uniqueness of a given user\&. On a Linux system the user\*(Aqs +\fIUID\fR +and +\fIGID\fR\*(Aqs are credentials too\&. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM\&. Such credentials should be established, by the application, prior to a call to this function\&. For example, +\fBinitgroups\fR(2) +(or equivalent) should have been performed\&. +.PP +Valid +\fIflags\fR, any one of which, may be logically OR\*(Aqd with +\fBPAM_SILENT\fR, are: +.PP +PAM_ESTABLISH_CRED +.RS 4 +Initialize the credentials for the user\&. +.RE +.PP +PAM_DELETE_CRED +.RS 4 +Delete the user\*(Aqs credentials\&. +.RE +.PP +PAM_REINITIALIZE_CRED +.RS 4 +Fully reinitialize the user\*(Aqs credentials\&. +.RE +.PP +PAM_REFRESH_CRED +.RS 4 +Extend the lifetime of the existing credentials\&. +.RE +.SH "RETURN VALUES" +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_CRED_ERR +.RS 4 +Failed to set user credentials\&. +.RE +.PP +PAM_CRED_EXPIRED +.RS 4 +User credentials are expired\&. +.RE +.PP +PAM_CRED_UNAVAIL +.RS 4 +Failed to retrieve user credentials\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Data was successful stored\&. +.RE +.PP +PAM_SYSTEM_ERR +.RS 4 +A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occurred\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +User is not known to an authentication module\&. +.RE +.SH "SEE ALSO" +.PP +\fBpam_authenticate\fR(3), +\fBpam_open_session\fR(3), +\fBpam_close_session\fR(3), +\fBpam_strerror\fR(3) diff --git a/doc/man/pam_setcred.3.xml b/doc/man/pam_setcred.3.xml new file mode 100644 index 0000000..6292248 --- /dev/null +++ b/doc/man/pam_setcred.3.xml @@ -0,0 +1,180 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> + +<refentry id="pam_setcred"> + + <refmeta> + <refentrytitle>pam_setcred</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_setcred-name"> + <refname>pam_setcred</refname> + <refpurpose> + establish / delete user credentials + </refpurpose> + </refnamediv> + + <!-- body begins here --> + <refsynopsisdiv> + <funcsynopsis id='pam_setcred-synopsis'> + <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo> + <funcprototype> + <funcdef>int <function>pam_setcred</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_setcred-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_setcred</function> function is used to establish, + maintain and delete the credentials of a user. It should be called + to set the credentials after a user has been authenticated and before + a session is opened for the user (with + <citerefentry> + <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>). The credentials should be deleted after the session + has been closed (with + <citerefentry> + <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>). + </para> + + <para> + A credential is something that the user possesses. It is some + property, such as a <emphasis>Kerberos</emphasis> ticket, or a + supplementary group membership that make up the uniqueness of a + given user. On a Linux system the user's <emphasis>UID</emphasis> + and <emphasis>GID</emphasis>'s are credentials too. However, it + has been decided that these properties (along with the default + supplementary groups of which the user is a member) are credentials + that should be set directly by the application and not by PAM. + Such credentials should be established, by the application, prior + to a call to this function. For example, + <citerefentry> + <refentrytitle>initgroups</refentrytitle><manvolnum>2</manvolnum> + </citerefentry> (or equivalent) should have been performed. + </para> + + <para> + Valid <emphasis>flags</emphasis>, any one of which, may be + logically OR'd with <option>PAM_SILENT</option>, are: + </para> + + <variablelist> + <varlistentry> + <term>PAM_ESTABLISH_CRED</term> + <listitem> + <para>Initialize the credentials for the user.</para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_DELETE_CRED</term> + <listitem> + <para>Delete the user's credentials.</para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_REINITIALIZE_CRED</term> + <listitem> + <para>Fully reinitialize the user's credentials.</para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_REFRESH_CRED</term> + <listitem> + <para>Extend the lifetime of the existing credentials.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_setcred-return_values'> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_BUF_ERR</term> + <listitem> + <para> + Memory buffer error. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_ERR</term> + <listitem> + <para> + Failed to set user credentials. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_EXPIRED</term> + <listitem> + <para> + User credentials are expired. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_UNAVAIL</term> + <listitem> + <para> + Failed to retrieve user credentials. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + Data was successful stored. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SYSTEM_ERR</term> + <listitem> + <para> + A NULL pointer was submitted as PAM handle, the + function was called by a module or another system + error occurred. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User is not known to an authentication module. + </para> + </listitem> + </varlistentry> + + </variablelist> + </refsect1> + + <refsect1 id="pam_set_data-see_also"> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> |