PAM_SETCRED(3) Library Functions Manual PAM_SETCRED(3)

pam_setcredmodify / delete user credentials for an authentication service

Pluggable Authentication Module Library (libpam, -lpam)

#include <sys/types.h>
#include <security/pam_appl.h>

int
pam_setcred(pam_handle_t *pamh, int flags);

The pam_setcred function manages the application's credentials.

The flags argument is the binary or of zero or more of the following values:

Do not emit any messages.
Establish the credentials of the target user.
Revoke all established credentials.
Fully reinitialise credentials.
Refresh credentials.

The latter four are mutually exclusive.

If any other bits are set, pam_setcred will return PAM_SYMBOL_ERR.

The pam_setcred function returns one of the following values:

[PAM_ABORT]
General failure.
[PAM_BUF_ERR]
Memory buffer error.
[PAM_CONV_ERR]
Conversation failure.
[PAM_CRED_ERR]
Failed to set user credentials.
[PAM_CRED_EXPIRED]
User credentials have expired.
[PAM_CRED_UNAVAIL]
Failed to retrieve user credentials.
[PAM_PERM_DENIED]
Permission denied.
[PAM_SERVICE_ERR]
Error in service module.
[PAM_SYMBOL_ERR]
Invalid symbol.
[PAM_SYSTEM_ERR]
System error.
[PAM_USER_UNKNOWN]
Unknown user.

pam(3), pam_strerror(3)

X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules, June 1997.

The pam_setcred function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.

December 21, 2007 Mac OS X 12