summaryrefslogtreecommitdiffstats
path: root/doc/man/pam.3
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/man/pam.3302
-rw-r--r--doc/man/pam.3.xml439
2 files changed, 741 insertions, 0 deletions
diff --git a/doc/man/pam.3 b/doc/man/pam.3
new file mode 100644
index 0000000..63f3e76
--- /dev/null
+++ b/doc/man/pam.3
@@ -0,0 +1,302 @@
+'\" t
+.\" Title: pam
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 09/03/2021
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM" "3" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam \- Pluggable Authentication Modules Library
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#include <security/pam_appl\&.h>
+.fi
+.ft
+.sp
+.ft B
+.nf
+#include <security/pam_modules\&.h>
+.fi
+.ft
+.sp
+.ft B
+.nf
+#include <security/pam_ext\&.h>
+.fi
+.ft
+.SH "DESCRIPTION"
+.PP
+\fBPAM\fR
+is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
+\fBlogin\fR(1)
+and
+\fBsu\fR(1)) defer to to perform standard authentication tasks\&.
+.SS "Initialization and Cleanup"
+.PP
+The
+\fBpam_start\fR(3)
+function creates the PAM context and initiates the PAM transaction\&. It is the first of the PAM functions that needs to be called by an application\&. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\&. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\&.
+.PP
+The
+\fBpam_end\fR(3)
+function terminates the PAM transaction and is the last function an application should call in the PAM context\&. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid\&. It can be called at any time to terminate a PAM transaction\&.
+.SS "Authentication"
+.PP
+The
+\fBpam_authenticate\fR(3)
+function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&.
+.PP
+The
+\fBpam_setcred\fR(3)
+function manages the user\*(Aqs credentials\&.
+.SS "Account Management"
+.PP
+The
+\fBpam_acct_mgmt\fR(3)
+function is used to determine if the user\*(Aqs account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&.
+.SS "Password Management"
+.PP
+The
+\fBpam_chauthtok\fR(3)
+function is used to change the authentication token for a given user on request or because the token has expired\&.
+.SS "Session Management"
+.PP
+The
+\fBpam_open_session\fR(3)
+function sets up a user session for a previously successful authenticated user\&. The session should later be terminated with a call to
+\fBpam_close_session\fR(3)\&.
+.SS "Conversation"
+.PP
+The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the
+\fIstruct pam_conv\fR
+passed to
+\fBpam_start\fR(3)
+at the start of the transaction\&. See
+\fBpam_conv\fR(3)
+for details\&.
+.SS "Data Objects"
+.PP
+The
+\fBpam_set_item\fR(3)
+and
+\fBpam_get_item\fR(3)
+functions allows applications and PAM service modules to set and retrieve PAM information\&.
+.PP
+The
+\fBpam_get_user\fR(3)
+function is the preferred method to obtain the username\&.
+.PP
+The
+\fBpam_set_data\fR(3)
+and
+\fBpam_get_data\fR(3)
+functions allows PAM service modules to set and retrieve free\-form data from one invocation to another\&.
+.SS "Environment and Error Management"
+.PP
+The
+\fBpam_putenv\fR(3),
+\fBpam_getenv\fR(3)
+and
+\fBpam_getenvlist\fR(3)
+functions are for maintaining a set of private environment variables\&.
+.PP
+The
+\fBpam_strerror\fR(3)
+function returns a pointer to a string describing the given PAM error code\&.
+.SH "RETURN VALUES"
+.PP
+The following return codes are known by PAM:
+.PP
+PAM_ABORT
+.RS 4
+Critical error, immediate abort\&.
+.RE
+.PP
+PAM_ACCT_EXPIRED
+.RS 4
+User account has expired\&.
+.RE
+.PP
+PAM_AUTHINFO_UNAVAIL
+.RS 4
+Authentication service cannot retrieve authentication info\&.
+.RE
+.PP
+PAM_AUTHTOK_DISABLE_AGING
+.RS 4
+Authentication token aging disabled\&.
+.RE
+.PP
+PAM_AUTHTOK_ERR
+.RS 4
+Authentication token manipulation error\&.
+.RE
+.PP
+PAM_AUTHTOK_EXPIRED
+.RS 4
+Authentication token expired\&.
+.RE
+.PP
+PAM_AUTHTOK_LOCK_BUSY
+.RS 4
+Authentication token lock busy\&.
+.RE
+.PP
+PAM_AUTHTOK_RECOVERY_ERR
+.RS 4
+Authentication information cannot be recovered\&.
+.RE
+.PP
+PAM_AUTH_ERR
+.RS 4
+Authentication failure\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+Conversation failure\&.
+.RE
+.PP
+PAM_CRED_ERR
+.RS 4
+Failure setting user credentials\&.
+.RE
+.PP
+PAM_CRED_EXPIRED
+.RS 4
+User credentials expired\&.
+.RE
+.PP
+PAM_CRED_INSUFFICIENT
+.RS 4
+Insufficient credentials to access authentication data\&.
+.RE
+.PP
+PAM_CRED_UNAVAIL
+.RS 4
+Authentication service cannot retrieve user credentials\&.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+The return value should be ignored by PAM dispatch\&.
+.RE
+.PP
+PAM_MAXTRIES
+.RS 4
+Have exhausted maximum number of retries for service\&.
+.RE
+.PP
+PAM_MODULE_UNKNOWN
+.RS 4
+Module is unknown\&.
+.RE
+.PP
+PAM_NEW_AUTHTOK_REQD
+.RS 4
+Authentication token is no longer valid; new one required\&.
+.RE
+.PP
+PAM_NO_MODULE_DATA
+.RS 4
+No module specific data is present\&.
+.RE
+.PP
+PAM_OPEN_ERR
+.RS 4
+Failed to load module\&.
+.RE
+.PP
+PAM_PERM_DENIED
+.RS 4
+Permission denied\&.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+Error in service module\&.
+.RE
+.PP
+PAM_SESSION_ERR
+.RS 4
+Cannot make/remove an entry for the specified session\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Success\&.
+.RE
+.PP
+PAM_SYMBOL_ERR
+.RS 4
+Symbol not found\&.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+System error\&.
+.RE
+.PP
+PAM_TRY_AGAIN
+.RS 4
+Failed preliminary check by password service\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+User not known to the underlying authentication module\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam_acct_mgmt\fR(3),
+\fBpam_authenticate\fR(3),
+\fBpam_chauthtok\fR(3),
+\fBpam_close_session\fR(3),
+\fBpam_conv\fR(3),
+\fBpam_end\fR(3),
+\fBpam_get_data\fR(3),
+\fBpam_getenv\fR(3),
+\fBpam_getenvlist\fR(3),
+\fBpam_get_item\fR(3),
+\fBpam_get_user\fR(3),
+\fBpam_open_session\fR(3),
+\fBpam_putenv\fR(3),
+\fBpam_set_data\fR(3),
+\fBpam_set_item\fR(3),
+\fBpam_setcred\fR(3),
+\fBpam_start\fR(3),
+\fBpam_strerror\fR(3)
+.SH "NOTES"
+.PP
+The
+\fIlibpam\fR
+interfaces are only thread\-safe if each thread within the multithreaded application uses its own PAM handle\&.
diff --git a/doc/man/pam.3.xml b/doc/man/pam.3.xml
new file mode 100644
index 0000000..0b1efcc
--- /dev/null
+++ b/doc/man/pam.3.xml
@@ -0,0 +1,439 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam3'>
+
+ <refmeta>
+ <refentrytitle>pam</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam3-name'>
+ <refname>pam</refname>
+ <refpurpose>Pluggable Authentication Modules Library</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='pam3-synopsis'>
+ <funcsynopsis>
+ <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
+ <funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
+ <funcsynopsisinfo>#include &lt;security/pam_ext.h&gt;</funcsynopsisinfo>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam3-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ <emphasis remap='B'>PAM</emphasis> is a system of libraries
+ that handle the authentication tasks of applications (services)
+ on the system. The library provides a stable general interface
+ (Application Programming Interface - API) that privilege granting
+ programs (such as
+ <citerefentry>
+ <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry> and <citerefentry>
+ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>)
+ defer to to perform standard authentication tasks.
+ </para>
+
+ <refsect2 id='pam3-initialization_and_cleanup'>
+ <title>Initialization and Cleanup</title>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function creates the PAM context and initiates the
+ PAM transaction. It is the first of the PAM functions that needs to
+ be called by an application. The transaction state is contained
+ entirely within the structure identified by this handle, so it is
+ possible to have multiple transactions in parallel. But it is not
+ possible to use the same handle for different transactions, a new
+ one is needed for every new context.
+ </para>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function terminates the PAM transaction and is the last
+ function an application should call in the PAM context. Upon return
+ the handle pamh is no longer valid and all memory associated with it
+ will be invalid. It can be called at any time to terminate a PAM
+ transaction.
+ </para>
+ </refsect2>
+
+ <refsect2 id='pam3-authentication'>
+ <title>Authentication</title>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ function is used to
+ authenticate the user. The user is required to provide an
+ authentication token depending upon the authentication service,
+ usually this is a password, but could also be a finger print.
+ </para>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ function manages the user's credentials.
+ </para>
+ </refsect2>
+
+ <refsect2 id='pam3-account_management'>
+ <title>Account Management</title>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function is used to determine if the user's account is
+ valid. It checks for authentication token and account expiration and
+ verifies access restrictions. It is typically called after the user
+ has been authenticated.
+ </para>
+ </refsect2>
+
+ <refsect2 id='pam3-password_management'>
+ <title>Password Management</title>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function is used to change the authentication token
+ for a given user on request or because the token has expired.
+ </para>
+ </refsect2>
+
+ <refsect2 id='pam3-session_management'>
+ <title>Session Management</title>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function sets up a user session for a previously
+ successful authenticated user. The session should later be terminated
+ with a call to
+ <citerefentry>
+ <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect2>
+
+ <refsect2 id='pam3-conversation'>
+ <title>Conversation</title>
+ <para>
+ The PAM library uses an application-defined callback to allow
+ a direct communication between a loaded module and the application.
+ This callback is specified by the
+ <emphasis>struct pam_conv</emphasis> passed to
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> at the start of the transaction. See
+ <citerefentry>
+ <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ for details.
+ </para>
+ </refsect2>
+
+ <refsect2 id='pam3-data'>
+ <title>Data Objects</title>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ functions allows applications and PAM service modules to set and
+ retrieve PAM information.
+ </para>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ function is the preferred method to obtain the username.
+ </para>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and
+ <citerefentry>
+ <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ functions allows PAM service modules to set and retrieve free-form
+ data from one invocation to another.
+ </para>
+ </refsect2>
+
+ <refsect2 id='pam3-miscellaneous'>
+ <title>Environment and Error Management</title>
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> and
+ <citerefentry>
+ <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ functions are for maintaining a set of private environment variables.
+ </para>
+
+ <para>
+ The
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function returns a pointer to a string describing the
+ given PAM error code.
+ </para>
+ </refsect2>
+ </refsect1>
+
+ <refsect1 id='pam3-return_values'>
+ <title>RETURN VALUES</title>
+ <para>
+ The following return codes are known by PAM:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_ABORT</term>
+ <listitem>
+ <para>Critical error, immediate abort.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_ACCT_EXPIRED</term>
+ <listitem>
+ <para>User account has expired.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHINFO_UNAVAIL</term>
+ <listitem>
+ <para>
+ Authentication service cannot retrieve authentication info.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_DISABLE_AGING</term>
+ <listitem>
+ <para>Authentication token aging disabled.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_ERR</term>
+ <listitem>
+ <para>Authentication token manipulation error.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_EXPIRED</term>
+ <listitem>
+ <para>Authentication token expired.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_LOCK_BUSY</term>
+ <listitem>
+ <para>Authentication token lock busy.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_RECOVERY_ERR</term>
+ <listitem>
+ <para>Authentication information cannot be recovered.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>Authentication failure.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>Memory buffer error.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CONV_ERR</term>
+ <listitem>
+ <para>Conversation failure.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_ERR</term>
+ <listitem>
+ <para>Failure setting user credentials.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_EXPIRED</term>
+ <listitem>
+ <para>User credentials expired.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_INSUFFICIENT</term>
+ <listitem>
+ <para>Insufficient credentials to access authentication data.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_UNAVAIL</term>
+ <listitem>
+ <para>Authentication service cannot retrieve user credentials.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>The return value should be ignored by PAM dispatch.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_MAXTRIES</term>
+ <listitem>
+ <para>Have exhausted maximum number of retries for service.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_MODULE_UNKNOWN</term>
+ <listitem>
+ <para>Module is unknown.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_NEW_AUTHTOK_REQD</term>
+ <listitem>
+ <para>
+ Authentication token is no longer valid; new one required.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_NO_MODULE_DATA</term>
+ <listitem>
+ <para>No module specific data is present.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_OPEN_ERR</term>
+ <listitem>
+ <para>Failed to load module.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PERM_DENIED</term>
+ <listitem>
+ <para>Permission denied.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>Error in service module.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SESSION_ERR</term>
+ <listitem>
+ <para>Cannot make/remove an entry for the specified session.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>Success.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SYMBOL_ERR</term>
+ <listitem>
+ <para>Symbol not found.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SYSTEM_ERR</term>
+ <listitem>
+ <para>System error.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_TRY_AGAIN</term>
+ <listitem>
+ <para>Failed preliminary check by password service.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>User not known to the underlying authentication module.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='see_also'><title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>, <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ <refsect1 id='pam3-notes'><title>NOTES</title>
+ <para>
+ The <emphasis>libpam</emphasis> interfaces are only thread-safe if each
+ thread within the multithreaded application uses its own PAM handle.
+ </para>
+ </refsect1>
+</refentry>