+2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/man/pam.8.xml: Syntax cleanup.
+ * doc/pam/PAM.8: Regenerated from xml source.
+ * man/pam_sm_chauthtok.3: New.
+ * man/pam_sm_chauthtok.3.xml: New.
+ * man/pam_sm_close_session.3: New.
+ * man/pam_sm_close_session.3.xml: New.
+ * man/pam_sm_open_session.3: New.
+ * man/pam_sm_open_session.3.xml: New.
+ * man/pam_sm_authenticate.3: New.
+ * man/pam_sm_authenticate.3.xml: New.
+ * man/pam_sm_setcred.3: New.
+ * man/pam_sm_setcred.3.xml: New.
+ * man/Makefile.am: Add new pam_sm_* manual pages.
+
+ * specs/Makefile.am: Fix rule to generate draft.
+
2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally/Makefile.am: Include Make.xml.rules.
pam_open_session.3 \
pam_prompt.3 pam_putenv.3 \
pam_set_data.3 pam_set_item.3 pam_syslog.3 \
- pam_setcred.3 pam_sm_acct_mgmt.3 pam_start.3 pam_strerror.3 \
+ pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 \
+ pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 \
+ pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 \
pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3
XMLS = pam.3.xml pam.8.xml \
pam_acct_mgmt.3.xml pam_authenticate.3.xml \
pam_open_session.3.xml \
pam_prompt.3.xml pam_putenv.3.xml \
pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \
- pam_setcred.3.xml pam_sm_acct_mgmt.3.xml \
- pam_start.3.xml pam_strerror.3.xml \
+ pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \
+ pam_sm_close_session.3.xml pam_sm_open_session.3.xml \
+ pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \
+ pam_sm_chauthtok.3.xml \
pam_item_types.inc.xml
if ENABLE_REGENERATE_MAN
.\" Title: pam
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM" "8" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
\fBLinux\-PAM\fR. For more information the reader is directed to the
\fBLinux\-PAM system administrators' guide\fR.
.PP
+
\fBLinux\-PAM\fR
-Is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
+is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
\fBlogin\fR(1)
and
\fBsu\fR(1)) defer to to perform standard authentication tasks.
configuration file
\fI/etc/pam.conf\fR. Alternatively, the configuration can be set by individual configuration files located in the
\fI/etc/pam.d/\fR
-directory.
-\fIThe presence of this directory will cause \fR\fBLinux\-PAM\fR\fI to ignore\fR
+directory. The presence of this directory will cause
+\fBLinux\-PAM\fR
+to
+\fIignore\fR
\fI/etc/pam.conf\fR.
.PP
From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the
\fBsession\fR
management group is important as it provides both an opening and closing hook for modules to affect the services available to a user.
.SH "FILES"
-.PP
+.TP 3n
\fI/etc/pam.conf\fR
-\- the configuration file
-
-\fI/etc/pam.d/\fR
-\- the
+the configuration file
+.TP 3n
+\fI/etc/pam.d\fR
+the
\fBLinux\-PAM\fR
configuration directory. Generally, if this directory is present, the
\fI/etc/pam.conf\fR
file is ignored.
-
-\fI/lib/libpam.so.X\fR
-\- the dynamic library
-
-\fI/lib/security/*.so\fR
-\- the PAMs
.SH "ERRORS"
.PP
Typically errors generated by the
\fBsyslog\fR(3).
.SH "CONFORMING TO"
.PP
-DCE\-RFC 86.0, October 1995.
-Contains additional features, but remains backwardly compatible with this RFC.
-.SH "BUGS"
-.PP
-None known.
+DCE\-RFC 86.0, October 1995. Contains additional features, but remains backwardly compatible with this RFC.
.SH "SEE ALSO"
.PP
-The three
-\fBLinux\-PAM\fR
-Guides, for
-\fBsystem administrators\fR,
-\fBmodule developers\fR, and
-\fBapplication developers\fR.
+
+\fBpam\fR(3),
+\fBpam_authenticate\fR(3),
+\fBpam_sm_setcred\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
.\" Title: pam
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam'>
+<refentry id='pam8'>
<refmeta>
<refentrytitle>pam</refentrytitle>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
- <refnamediv id='pam-name'>
+ <refnamediv id='pam8-name'>
<refname>PAM</refname>
<refname>pam</refname>
<refpurpose>Pluggable Authentication Modules for Linux</refpurpose>
</refnamediv>
-<!-- body begins here -->
-
-<refsect1 id='description'><title>DESCRIPTION</title>
-<para>This manual is intended to offer a quick introduction to
-<emphasis remap='B'>Linux-PAM</emphasis>.
-For more information the reader is directed to the
-<emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>.</para>
-
-
-<para><emphasis remap='B'>Linux-PAM</emphasis>
-Is a system of libraries that handle the authentication tasks of
-applications (services) on the system. The library provides a stable
-general interface (Application Programming Interface - API) that
-privilege granting programs (such as
-<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-and
-<citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>)
-defer to to perform standard authentication tasks.</para>
-
-
-<para>The principal feature of the PAM approach is that the nature of the
-authentication is dynamically configurable. In other words, the
-system administrator is free to choose how individual
-service-providing applications will authenticate users. This dynamic
-configuration is set by the contents of the single
-<emphasis remap='B'>Linux-PAM</emphasis>
-configuration file
-<filename>/etc/pam.conf</filename>.
-Alternatively, the configuration can be set by individual
-configuration files located in the
-<filename>/etc/pam.d/</filename>
-directory.
-<emphasis remap='I'>The presence of this directory will cause </emphasis><emphasis remap='B'>Linux-PAM</emphasis><emphasis remap='I'> to ignore</emphasis>
-<filename>/etc/pam.conf</filename><literal>.</literal></para>
+ <refsect1 id='pam8-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ This manual is intended to offer a quick introduction to
+ <emphasis remap='B'>Linux-PAM</emphasis>. For more information
+ the reader is directed to the
+ <emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>.
+ </para>
+
+ <para>
+ <emphasis remap='B'>Linux-PAM</emphasis> is a system of libraries
+ that handle the authentication tasks of applications (services) on
+ the system. The library provides a stable general interface
+ (Application Programming Interface - API) that privilege granting
+ programs (such as <citerefentry>
+ <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry> and <citerefentry>
+ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>) defer to to perform standard authentication tasks.
+ </para>
+
+ <para>
+ The principal feature of the PAM approach is that the nature of the
+ authentication is dynamically configurable. In other words, the
+ system administrator is free to choose how individual
+ service-providing applications will authenticate users. This dynamic
+ configuration is set by the contents of the single
+ <emphasis remap='B'>Linux-PAM</emphasis> configuration file
+ <filename>/etc/pam.conf</filename>. Alternatively, the configuration
+ can be set by individual configuration files located in the
+ <filename>/etc/pam.d/</filename> directory. The presence of this
+ directory will cause <emphasis remap='B'>Linux-PAM</emphasis> to
+ <emphasis remap='I'>ignore</emphasis>
+ <filename>/etc/pam.conf</filename>.
+ </para>
<para>From the point of view of the system administrator, for whom this
separates the tasks of
<emphasis remap='I'>authentication</emphasis>
into four independent management groups:
-<emphasis remap='B'>account</emphasis> management;
-<emphasis remap='B'>auth</emphasis>entication management;
-<emphasis remap='B'>password</emphasis> management;
+<emphasis remap='B'>account</emphasis> management;
+<emphasis remap='B'>auth</emphasis>entication management;
+<emphasis remap='B'>password</emphasis> management;
and
<emphasis remap='B'>session</emphasis> management.
(We highlight the abbreviations used for these groups in the
user's request for a restricted service:</para>
-<para><emphasis remap='B'>account</emphasis> -
+<para><emphasis remap='B'>account</emphasis> -
provide account verification types of service: has the user's password
expired?; is this user permitted access to the requested service?</para>
<!-- .br -->
-<para><emphasis remap='B'>auth</emphasis>entication -
+<para><emphasis remap='B'>auth</emphasis>entication -
authenticate a user and set up user credentials. Typically this is via
some challenge-response request that the user must satisfy: if you are
who you claim to be please enter your password. Not all authentications
<emphasis remap='B'>Linux-PAM</emphasis>.</para>
<!-- .br -->
-<para><emphasis remap='B'>password</emphasis> -
+<para><emphasis remap='B'>password</emphasis> -
this group's responsibility is the task of updating authentication
mechanisms. Typically, such services are strongly coupled to those of
the
the obvious example: please enter a replacement password.</para>
<!-- .br -->
-<para><emphasis remap='B'>session</emphasis> -
+<para><emphasis remap='B'>session</emphasis> -
this group of tasks cover things that should be done prior to a
service being given and after it is withdrawn. Such tasks include the
maintenance of audit trails and the mounting of the user's home
</refsect1>
-<refsect1 id='files'><title>FILES</title>
-<para><filename>/etc/pam.conf</filename> - the configuration file
-<!-- .br -->
-<filename>/etc/pam.d/</filename> - the
-<emphasis remap='B'>Linux-PAM</emphasis>
-configuration directory. Generally, if this directory is present, the
-<filename>/etc/pam.conf</filename>
-file is ignored.
-<!-- .br -->
-<filename>/lib/libpam.so.X</filename> - the dynamic library
-<!-- .br -->
-<filename>/lib/security/*.so</filename> - the PAMs</para>
-
-</refsect1>
-
-<refsect1 id='errors'><title>ERRORS</title>
-<para>Typically errors generated by the
-<emphasis remap='B'>Linux-PAM</emphasis>
-system of libraries, will be written to
-<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
-
-</refsect1>
-
-<refsect1 id='conforming_to'><title>CONFORMING TO</title>
-<para>DCE-RFC 86.0, October 1995.
-<!-- .br -->
-Contains additional features, but remains backwardly compatible with
-this RFC.</para>
-
-</refsect1>
-
-<refsect1 id='bugs'><title>BUGS</title>
-
-
-<para>None known.</para>
-
-</refsect1>
-
-<refsect1 id='see_also'><title>SEE ALSO</title>
-<para>The three
-<emphasis remap='B'>Linux-PAM</emphasis>
-Guides, for
-<emphasis remap='B'>system administrators</emphasis>,
-<emphasis remap='B'>module developers</emphasis>,
-and
-<emphasis remap='B'>application developers</emphasis>. </para>
-</refsect1>
+ <refsect1 id='pam8-files'>
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/pam.conf</filename></term>
+ <listitem>
+ <para>the configuration file</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/pam.d</filename></term>
+ <listitem>
+ <para>
+ the <emphasis remap='B'>Linux-PAM</emphasis> configuration
+ directory. Generally, if this directory is present, the
+ <filename>/etc/pam.conf</filename> file is ignored.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam8-errors'>
+ <title>ERRORS</title>
+ <para>
+ Typically errors generated by the
+ <emphasis remap='B'>Linux-PAM</emphasis> system of libraries, will
+ be written to <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam8-conforming_to'>
+ <title>CONFORMING TO</title>
+ <para>
+ DCE-RFC 86.0, October 1995.
+ Contains additional features, but remains backwardly compatible
+ with this RFC.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam8-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
</refentry>
-
.\" Title: pam.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM.CONF" "5" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM.CONF" "5" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_acct_mgmt
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_ACCT_MGMT" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ACCT_MGMT" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_authenticate
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_AUTHENTICATE" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_AUTHENTICATE" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_chauthtok
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_CHAUTHTOK" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_CHAUTHTOK" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_close_session
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_CLOSE_SESSION" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_CLOSE_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_conv
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_CONV" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_CONV" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_end
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_END" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_END" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_error
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_ERROR" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ERROR" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_fail_delay
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_FAIL_DELAY" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FAIL_DELAY" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_get_data
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_GET_DATA" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_GET_DATA" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_get_item
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_GET_ITEM" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_GET_ITEM" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_get_user
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_GET_USER" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_GET_USER" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_getenv
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_GETENV" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_GETENV" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_getenvlist
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_GETENVLIST" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_GETENVLIST" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_info
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_INFO" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_INFO" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_open_session
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_OPEN_SESSION" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_OPEN_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_prompt
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_PROMPT" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_PROMPT" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_putenv
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_PUTENV" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_PUTENV" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_set_data
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_SET_DATA" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SET_DATA" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_set_item
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_SET_ITEM" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SET_ITEM" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_setcred
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_SETCRED" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SETCRED" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_sm_acct_mgmt
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_SM_ACCT_MGMT" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SM_ACCT_MGMT" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
-pam_sm_acct_mgmt \- PAM service module for account management
+pam_sm_acct_mgmt \- PAM service function for account management
.SH "SYNOPSIS"
.sp
-.RS 3n
+.ft B
.nf
#define PAM_SM_ACCOUNT
.fi
-.RE
+.ft
.sp
.ft B
.nf
\fBPAM_AUTH_ERR\fR
if the database of authentication tokens for this authentication mechanism has a
\fINULL\fR
-entry for the user
+entry for the user.
.SH "RETURN VALUES"
.TP 3n
PAM_ACCT_EXPIRED
<refnamediv id="pam_sm_acct_mgmt-name">
<refname>pam_sm_acct_mgmt</refname>
- <refpurpose>PAM service module for account management</refpurpose>
+ <refpurpose>PAM service function for account management</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='pam_sm_acct_mgmt-synopsis'>
- <programlisting>#define PAM_SM_ACCOUNT</programlisting>
<funcsynopsis>
+ <funcsynopsisinfo>#define PAM_SM_ACCOUNT</funcsynopsisinfo>
<funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
<funcprototype>
<funcdef>PAM_EXTERN int <function>pam_sm_acct_mgmt</function></funcdef>
<para>
Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the
database of authentication tokens for this authentication
- mechanism has a <emphasis>NULL</emphasis> entry for the user
+ mechanism has a <emphasis>NULL</emphasis> entry for the user.
</para>
</listitem>
</varlistentry>
--- /dev/null
+.\" Title: pam_sm_authenticate
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/19/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_SM_AUTHENTICATE" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_sm_authenticate \- PAM service function for user authentication
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#define PAM_SM_AUTH
+.fi
+.ft
+.sp
+.ft B
+.nf
+#include <security/pam_modules.h>
+.fi
+.ft
+.HP 35
+.BI "PAM_EXTERN int pam_sm_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_sm_authenticate\fR
+function is the service module's implementation of the
+\fBpam_authenticate\fR(3)
+interface.
+.PP
+This function performs the task of authenticating the user.
+.PP
+Valid flags, which may be logically OR'd with
+\fIPAM_SILENT\fR, are:
+.TP 3n
+PAM_SILENT
+Do not emit any messages.
+.TP 3n
+PAM_DISALLOW_NULL_AUTHTOK
+Return
+\fBPAM_AUTH_ERR\fR
+if the database of authentication tokens for this authentication mechanism has a
+\fINULL\fR
+entry for the user. Without this flag, such a
+\fINULL\fR
+token will lead to a success without the user being prompted.
+.SH "RETURN VALUES"
+.TP 3n
+PAM_AUTH_ERR
+Authentication failure.
+.TP 3n
+PAM_CRED_INSUFFICIENT
+For some reason the application does not have sufficient credentials to authenticate the user.
+.TP 3n
+PAM_AUTHINFO_UNAVAIL
+The modules were not able to access the authentication information. This might be due to a network or hardware failure etc.
+.TP 3n
+PAM_SUCCESS
+The authentication token was successfully updated.
+.TP 3n
+PAM_USER_UNKNOWN
+The supplied username is not known to the authentication service.
+.TP 3n
+PAM_MAXTRIES
+One or more of the authentication modules has reached its limit of tries authenticating the user. Do not try again.
+.SH "SEE ALSO"
+.PP
+
+\fBpam\fR(3),
+\fBpam_authenticate\fR(3),
+\fBpam_sm_setcred\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_authenticate'>
+ <refmeta>
+ <refentrytitle>pam_sm_authenticate</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_authenticate-name">
+ <refname>pam_sm_authenticate</refname>
+ <refpurpose>PAM service function for user authentication</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv id='pam_sm_authenticate-synopsis'>
+ <funcsynopsis>
+ <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo>
+ <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>PAM_EXTERN int <function>pam_sm_authenticate</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_authenticate-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_authenticate</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function performs the task of authenticating the user.
+ </para>
+ <para>
+ Valid flags, which may be logically OR'd with
+ <emphasis>PAM_SILENT</emphasis>, are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_DISALLOW_NULL_AUTHTOK</term>
+ <listitem>
+ <para>
+ Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the
+ database of authentication tokens for this authentication
+ mechanism has a <emphasis>NULL</emphasis> entry for the user.
+ Without this flag, such a <emphasis>NULL</emphasis> token
+ will lead to a success without the user being prompted.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_sm_authenticate-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ Authentication failure.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_INSUFFICIENT</term>
+ <listitem>
+ <para>
+ For some reason the application does not have sufficient
+ credentials to authenticate the user.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHINFO_UNAVAIL</term>
+ <listitem>
+ <para>
+ The modules were not able to access the authentication
+ information. This might be due to a network or hardware
+ failure etc.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The authentication token was successfully updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ The supplied username is not known to the authentication
+ service.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_MAXTRIES</term>
+ <listitem>
+ <para>
+ One or more of the authentication modules has reached its
+ limit of tries authenticating the user. Do not try again.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_sm_authenticate-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
--- /dev/null
+.\" Title: pam_sm_chauthtok
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/19/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_SM_CHAUTHTOK" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_sm_chauthtok \- PAM service function for account management
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#define PAM_SM_PASSWORD
+.fi
+.ft
+.sp
+.ft B
+.nf
+#include <security/pam_modules.h>
+.fi
+.ft
+.HP 32
+.BI "PAM_EXTERN int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_sm_chauthtok\fR
+function is the service module's implementation of the
+\fBpam_chauthtok\fR(3)
+interface.
+.PP
+This function is used to (re\-)set the authentication token of the user.
+.PP
+Valid flags, which may be logically OR'd with
+\fIPAM_SILENT\fR, are:
+.TP 3n
+PAM_SILENT
+Do not emit any messages.
+.TP 3n
+PAM_CHANGE_EXPIRED_AUTHTOK
+This argument indicates to the module that the users authentication token (password) should only be changed if it has expired. This flag is optional and
+\fImust\fR
+be combined with one of the following two flags. Note, however, the following two options are
+\fImutually exclusive\fR.
+.TP 3n
+PAM_PRELIM_CHECK
+This indicates that the modules are being probed as to their ready status for altering the user's authentication token. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag. If a module cannot establish it is ready to update the user's authentication token it should return
+\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application.
+.TP 3n
+PAM_UPDATE_AUTHTOK
+This informs the module that this is the call it should change the authorization tokens. If the flag is logically OR'd with
+\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired.
+.PP
+The PAM library calls this function twice in succession. The first time with
+\fBPAM_PRELIM_CHECK\fR
+and then, if the module does not return
+\fBPAM_TRY_AGAIN\fR, subsequently with
+\fBPAM_UPDATE_AUTHTOK\fR. It is only on the second call that the authorization token is (possibly) changed.
+.SH "RETURN VALUES"
+.TP 3n
+PAM_AUTHTOK_ERR
+The module was unable to obtain the new authentication token.
+.TP 3n
+PAM_AUTHTOK_RECOVERY_ERR
+The module was unable to obtain the old authentication token.
+.TP 3n
+PAM_AUTHTOK_LOCK_BUSY
+Cannot change the authentication token since it is currently locked.
+.TP 3n
+PAM_AUTHTOK_DISABLE_AGING
+Authentication token aging has been disabled.
+.TP 3n
+PAM_PERM_DENIED
+Permission denied.
+.TP 3n
+PAM_TRY_AGAIN
+Preliminary check was unsuccessful. Signals an immediate return to the application is desired.
+.TP 3n
+PAM_SUCCESS
+The authentication token was successfully updated.
+.TP 3n
+PAM_USER_UNKNOWN
+User unknown to password service.
+.SH "SEE ALSO"
+.PP
+
+\fBpam\fR(3),
+\fBpam_chauthtok\fR(3),
+\fBpam_sm_chauthtok\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_chauthtok'>
+ <refmeta>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_chauthtok-name">
+ <refname>pam_sm_chauthtok</refname>
+ <refpurpose>PAM service function for account management</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv id='pam_sm_chauthtok-synopsis'>
+ <funcsynopsis>
+ <funcsynopsisinfo>#define PAM_SM_PASSWORD</funcsynopsisinfo>
+ <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>PAM_EXTERN int <function>pam_sm_chauthtok</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_chauthtok-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_chauthtok</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function is used to (re-)set the authentication token of the user.
+ </para>
+ <para>
+ Valid flags, which may be logically OR'd with
+ <emphasis>PAM_SILENT</emphasis>, are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CHANGE_EXPIRED_AUTHTOK</term>
+ <listitem>
+ <para>
+ This argument indicates to the module that the users
+ authentication token (password) should only be changed if
+ it has expired. This flag is optional and
+ <emphasis>must</emphasis> be combined with one of the
+ following two flags. Note, however, the following two options
+ are <emphasis>mutually exclusive</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PRELIM_CHECK</term>
+ <listitem>
+ <para>
+ This indicates that the modules are being probed as to
+ their ready status for altering the user's authentication
+ token. If the module requires access to another system over
+ some network it should attempt to verify it can connect to
+ this system on receiving this flag. If a module cannot establish
+ it is ready to update the user's authentication token it should
+ return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this
+ information will be passed back to the application.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_UPDATE_AUTHTOK</term>
+ <listitem>
+ <para>
+ This informs the module that this is the call it should change
+ the authorization tokens. If the flag is logically OR'd with
+ <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the
+ token is only changed if it has actually expired.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ The PAM library calls this function twice in succession. The first
+ time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then,
+ if the module does not return
+ <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with
+ <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on
+ the second call that the authorization token is (possibly) changed.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_sm_chauthtok-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTHTOK_ERR</term>
+ <listitem>
+ <para>
+ The module was unable to obtain the new authentication token.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_RECOVERY_ERR</term>
+ <listitem>
+ <para>
+ The module was unable to obtain the old authentication token.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_LOCK_BUSY</term>
+ <listitem>
+ <para>
+ Cannot change the authentication token since it is currently
+ locked.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_DISABLE_AGING</term>
+ <listitem>
+ <para>
+ Authentication token aging has been disabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PERM_DENIED</term>
+ <listitem>
+ <para>
+ Permission denied.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_TRY_AGAIN</term>
+ <listitem>
+ <para>
+ Preliminary check was unsuccessful. Signals an immediate
+ return to the application is desired.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The authentication token was successfully updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ User unknown to password service.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_sm_chauthtok-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_acct_mgmt'>
+ <refmeta>
+ <refentrytitle>pam_sm_acct_mgmt</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_acct_mgmt-name">
+ <refname>pam_sm_acct_mgmt</refname>
+ <refpurpose>PAM service function for account management</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv id='pam_sm_acct_mgmt-synopsis'>
+ <funcsynopsis>
+ <funcsynopsisinfo>#define PAM_SM_ACCOUNT</funcsynopsisinfo>
+ <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>PAM_EXTERN int <function>pam_sm_acct_mgmt</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_acct_mgmt-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_acct_mgmt</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function performs the task of establishing whether the user is
+ permitted to gain access at this time. It should be understood that
+ the user has previously been validated by an authentication
+ module. This function checks for other things. Such things might be:
+ the time of day or the date, the terminal line, remote hostname, etc.
+ This function may also determine things like the expiration on
+ passwords, and respond that the user change it before continuing.
+ </para>
+ <para>
+ Valid flags, which may be logically OR'd with
+ <emphasis>PAM_SILENT</emphasis>, are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_DISALLOW_NULL_AUTHTOK</term>
+ <listitem>
+ <para>
+ Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the
+ database of authentication tokens for this authentication
+ mechanism has a <emphasis>NULL</emphasis> entry for the user.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_sm_acct_mgmt-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_ACCT_EXPIRED</term>
+ <listitem>
+ <para>
+ User account has expired.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ Authentication failure.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_NEW_AUTHTOK_REQD</term>
+ <listitem>
+ <para>
+ The user's authentication token has expired. Before calling
+ this function again the application will arrange for a new
+ one to be given. This will likely result in a call to
+ <function>pam_sm_chauthtok()</function>.
+
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PERM_DENIED</term>
+ <listitem>
+ <para>
+ Permission denied.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The authentication token was successfully updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ User unknown to password service.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_sm_acct_mgmt-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
--- /dev/null
+.\" Title: pam_sm_close_session
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/19/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_SM_CLOSE_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_sm_close_session \- PAM service function for session management
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#define PAM_SM_SESSION
+.fi
+.ft
+.sp
+.ft B
+.nf
+#include <security/pam_modules.h>
+.fi
+.ft
+.HP 36
+.BI "PAM_EXTERN int pam_sm_close_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_sm_close_session\fR
+function is the service module's implementation of the
+\fBpam_close_session\fR(3)
+interface.
+.PP
+This function is called to terminate a session. The only valid value for
+\fIflags\fR
+is zero or:
+.TP 3n
+PAM_SILENT
+Do not emit any messages.
+.SH "RETURN VALUES"
+.TP 3n
+PAM_SESSION_ERR
+Cannot make/remove an entry for the specified session.
+.TP 3n
+PAM_SUCCESS
+The session was successfully terminated.
+.SH "SEE ALSO"
+.PP
+
+\fBpam\fR(3),
+\fBpam_close_session\fR(3),
+\fBpam_sm_close_session\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-close.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_close_session'>
+ <refmeta>
+ <refentrytitle>pam_sm_close_session</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_close_session-name">
+ <refname>pam_sm_close_session</refname>
+ <refpurpose>PAM service function for session management</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv id='pam_sm_close_session-synopsis'>
+ <funcsynopsis>
+ <funcsynopsisinfo>#define PAM_SM_SESSION</funcsynopsisinfo>
+ <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>PAM_EXTERN int <function>pam_sm_close_session</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_close_session-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_close_session</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function is called to terminate a session. The only valid
+ value for <varname role='parameter'>flags</varname> is zero or:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_sm_close_session-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SESSION_ERR</term>
+ <listitem>
+ <para>
+ Cannot make/remove an entry for the specified session.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The session was successfully terminated.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_sm_close_session-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
--- /dev/null
+.\" Title: pam_sm_open_session
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/19/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_SM_OPEN_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_sm_open_session \- PAM service function for session management
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#define PAM_SM_SESSION
+.fi
+.ft
+.sp
+.ft B
+.nf
+#include <security/pam_modules.h>
+.fi
+.ft
+.HP 35
+.BI "PAM_EXTERN int pam_sm_open_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_sm_open_session\fR
+function is the service module's implementation of the
+\fBpam_open_session\fR(3)
+interface.
+.PP
+This function is called to commence a session. The only valid value for
+\fIflags\fR
+is zero or:
+.TP 3n
+PAM_SILENT
+Do not emit any messages.
+.SH "RETURN VALUES"
+.TP 3n
+PAM_SESSION_ERR
+Cannot make/remove an entry for the specified session.
+.TP 3n
+PAM_SUCCESS
+The session was successfully started.
+.SH "SEE ALSO"
+.PP
+
+\fBpam\fR(3),
+\fBpam_open_session\fR(3),
+\fBpam_sm_close_session\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_open_session'>
+ <refmeta>
+ <refentrytitle>pam_sm_open_session</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_open_session-name">
+ <refname>pam_sm_open_session</refname>
+ <refpurpose>PAM service function for session management</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv id='pam_sm_open_session-synopsis'>
+ <funcsynopsis>
+ <funcsynopsisinfo>#define PAM_SM_SESSION</funcsynopsisinfo>
+ <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>PAM_EXTERN int <function>pam_sm_open_session</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_open_session-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_open_session</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function is called to commence a session. The only valid
+ value for <varname role='parameter'>flags</varname> is zero or:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_sm_open_session-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SESSION_ERR</term>
+ <listitem>
+ <para>
+ Cannot make/remove an entry for the specified session.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The session was successfully started.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_sm_open_session-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
--- /dev/null
+.\" Title: pam_sm_setcred
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/19/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_SM_SETCRED" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_sm_setcred \- PAM service function to alter credentials
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#define PAM_SM_AUTH
+.fi
+.ft
+.sp
+.ft B
+.nf
+#include <security/pam_modules.h>
+.fi
+.ft
+.HP 30
+.BI "PAM_EXTERN int pam_sm_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_sm_setcred\fR
+function is the service module's implementation of the
+\fBpam_setcred\fR(3)
+interface.
+.PP
+This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called
+\fIafter\fR
+the user has been authenticated but before a session has been established.
+.PP
+Valid flags, which may be logically OR'd with
+\fIPAM_SILENT\fR, are:
+.TP 3n
+PAM_SILENT
+Do not emit any messages.
+.TP 3n
+PAM_DELETE_CRED
+Delete the credentials associated with the authentication service.
+.TP 3n
+PAM_REINITIALIZE_CRED
+Reinitialize the user credentials.
+.TP 3n
+PAM_REFRESH_CRED
+Extend the lifetime of the user credentials.
+.PP
+The way the
+\fBauth\fR
+stack is navigated in order to evaluate the
+\fBpam_setcred\fR() function call, independent of the
+\fBpam_sm_setcred\fR() return codes, is exactly the same way that it was navigated when evaluating the
+\fBpam_authenticate\fR() library call. Typically, if a stack entry was ignored in evaluating
+\fBpam_authenticate\fR(), it will be ignored when libpam evaluates the
+\fBpam_setcred\fR() function call. Otherwise, the return codes from each module specific
+\fBpam_sm_setcred\fR() call are treated as
+\fBrequired\fR.
+.SH "RETURN VALUES"
+.TP 3n
+PAM_CRED_UNAVAIL
+This module cannot retrieve the user's credentials.
+.TP 3n
+PAM_CRED_EXPIRED
+The user's credentials have expired.
+.TP 3n
+PAM_CRED_ERR
+This module was unable to set the credentials of the user.
+.TP 3n
+PAM_SUCCESS
+The user credential was successfully set.
+.TP 3n
+PAM_USER_UNKNOWN
+The user is not known to this authentication module.
+.PP
+These, non\-\fIPAM_SUCCESS\fR, return values will typically lead to the credential stack
+\fIfailing\fR. The first such error will dominate in the return value of
+\fBpam_setcred\fR().
+.SH "SEE ALSO"
+.PP
+
+\fBpam\fR(3),
+\fBpam_authenticate\fR(3),
+\fBpam_setcred\fR(3),
+\fBpam_sm_authenticate\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_setcred'>
+ <refmeta>
+ <refentrytitle>pam_sm_setcred</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_setcred-name">
+ <refname>pam_sm_setcred</refname>
+ <refpurpose>PAM service function to alter credentials</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv id='pam_sm_setcred-synopsis'>
+ <funcsynopsis>
+ <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo>
+ <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>PAM_EXTERN int <function>pam_sm_setcred</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_setcred-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_setcred</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function performs the task of altering the credentials of the
+ user with respect to the corresponding authorization
+ scheme. Generally, an authentication module may have access to more
+ information about a user than their authentication token. This
+ function is used to make such information available to the
+ application. It should only be called <emphasis>after</emphasis> the
+ user has been authenticated but before a session has been established.
+ </para>
+ <para>
+ Valid flags, which may be logically OR'd with
+ <emphasis>PAM_SILENT</emphasis>, are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_DELETE_CRED</term>
+ <listitem>
+ <para>
+ Delete the credentials associated with the authentication service.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_REINITIALIZE_CRED</term>
+ <listitem>
+ <para>
+ Reinitialize the user credentials.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_REFRESH_CRED</term>
+ <listitem>
+ <para>
+ Extend the lifetime of the user credentials.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ The way the <emphasis remap='B'>auth</emphasis> stack is
+ navigated in order to evaluate the <function>pam_setcred</function>()
+ function call, independent of the <function>pam_sm_setcred</function>()
+ return codes, is exactly the same way that it was navigated when
+ evaluating the <function>pam_authenticate</function>() library
+ call. Typically, if a stack entry was ignored in evaluating
+ <function>pam_authenticate</function>(), it will be ignored when
+ libpam evaluates the <function>pam_setcred</function>() function
+ call. Otherwise, the return codes from each module specific
+ <function>pam_sm_setcred</function>() call are treated as
+ <emphasis remap='B'>required</emphasis>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_sm_setcred-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_CRED_UNAVAIL</term>
+ <listitem>
+ <para>
+ This module cannot retrieve the user's credentials.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_EXPIRED</term>
+ <listitem>
+ <para>
+ The user's credentials have expired.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_ERR</term>
+ <listitem>
+ <para>
+ This module was unable to set the credentials of the user.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The user credential was successfully set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ The user is not known to this authentication module.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will
+ typically lead to the credential stack <emphasis>failing</emphasis>.
+ The first such error will dominate in the return value of
+ <function>pam_setcred</function>().
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_sm_setcred-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
.\" Title: pam_start
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_START" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_START" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_strerror
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_STRERROR" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_STRERROR" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.\" Title: pam_syslog
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/02/2006
+.\" Date: 06/19/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
.\"
-.TH "PAM_SYSLOG" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SYSLOG" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
EXTRA_DIST = draft-morgan-pam.raw std-agent-id.raw rfc86.0.txt
-all: spec
+all: draft-morgan-pam-current.txt
test -f rfc86.0.txt || cp -p $(srcdir)/rfc86.0.txt .
-spec: padout draft-morgan-pam.raw
+draft-morgan-pam-current.txt: padout draft-morgan-pam.raw
./padout < $(srcdir)/draft-morgan-pam.raw > draft-morgan-pam-current.txt
noinst_PROGRAMS = padout
projects / linux-pam / commitdiff