⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.67
Server IP:
50.6.168.112
Server:
Linux server-617809.webnetzimbabwe.com 5.14.0-570.25.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jul 9 04:57:09 EDT 2025 x86_64
Server Software:
Apache
PHP Version:
8.4.10
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
pam-devel
/
html
/
View File Name :
mwg-expected-of-module-auth.html
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>3.2. Authentication management</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="mwg-expected-of-module.html" title="Chapter 3. What is expected of a module"><link rel="prev" href="mwg-expected-of-module-overview.html" title="3.1. Overview"><link rel="next" href="mwg-expected-of-module-acct.html" title="3.3. Account management"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">3.2. Authentication management</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-expected-of-module-overview.html">Prev</a> </td><th width="60%" align="center">Chapter 3. What is expected of a module</th><td width="20%" align="right"> <a accesskey="n" href="mwg-expected-of-module-acct.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="mwg-expected-of-module-auth"></a>3.2. Authentication management</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="mwg-pam_sm_authenticate"></a>3.2.1. Service function for user authentication</h3></div></div></div><div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <security/pam_modules.h></pre><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">int <b class="fsfunc">pam_sm_authenticate</b>(</code></td><td><var class="pdparam">pamh</var>, </td><td> </td></tr><tr><td> </td><td><var class="pdparam">flags</var>, </td><td> </td></tr><tr><td> </td><td><var class="pdparam">argc</var>, </td><td> </td></tr><tr><td> </td><td><var class="pdparam">argv</var><code>)</code>;</td><td> </td></tr></table><div class="paramdef-list"><code>pam_handle_t *<var class="pdparam">pamh</var></code>;<br><code>int <var class="pdparam">flags</var></code>;<br><code>int <var class="pdparam">argc</var></code>;<br><code>const char **<var class="pdparam">argv</var></code>;</div><div class="funcprototype-spacer"> </div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="mwg-pam_sm_authenticate-description"></a>3.2.1.1. DESCRIPTION</h4></div></div></div><p> The <code class="function">pam_sm_authenticate</code> function is the service module's implementation of the <span class="citerefentry"><span class="refentrytitle">pam_authenticate</span>(3)</span> interface. </p><p> This function performs the task of authenticating the user. </p><p> Valid flags, which may be logically OR'd with <span class="emphasis"><em>PAM_SILENT</em></span>, are: </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_SILENT</span></dt><dd><p> Do not emit any messages. </p></dd><dt><span class="term">PAM_DISALLOW_NULL_AUTHTOK</span></dt><dd><p> Return <span class="emphasis"><em>PAM_AUTH_ERR</em></span> if the database of authentication tokens for this authentication mechanism has a <span class="emphasis"><em>NULL</em></span> entry for the user. Without this flag, such a <span class="emphasis"><em>NULL</em></span> token will lead to a success without the user being prompted. </p></dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="mwg-pam_sm_authenticate-return_values"></a>3.2.1.2. RETURN VALUES</h4></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p> Authentication failure. </p></dd><dt><span class="term">PAM_CRED_INSUFFICIENT</span></dt><dd><p> For some reason the application does not have sufficient credentials to authenticate the user. </p></dd><dt><span class="term">PAM_AUTHINFO_UNAVAIL</span></dt><dd><p> The modules were not able to access the authentication information. This might be due to a network or hardware failure etc. </p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p> The authentication token was successfully updated. </p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p> The supplied username is not known to the authentication service. </p></dd><dt><span class="term">PAM_MAXTRIES</span></dt><dd><p> One or more of the authentication modules has reached its limit of tries authenticating the user. Do not try again. </p></dd></dl></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="mwg-pam_sm_setcred"></a>3.2.2. Service function to alter credentials</h3></div></div></div><div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <security/pam_modules.h></pre><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">int <b class="fsfunc">pam_sm_setcred</b>(</code></td><td><var class="pdparam">pamh</var>, </td><td> </td></tr><tr><td> </td><td><var class="pdparam">flags</var>, </td><td> </td></tr><tr><td> </td><td><var class="pdparam">argc</var>, </td><td> </td></tr><tr><td> </td><td><var class="pdparam">argv</var><code>)</code>;</td><td> </td></tr></table><div class="paramdef-list"><code>pam_handle_t *<var class="pdparam">pamh</var></code>;<br><code>int <var class="pdparam">flags</var></code>;<br><code>int <var class="pdparam">argc</var></code>;<br><code>const char **<var class="pdparam">argv</var></code>;</div><div class="funcprototype-spacer"> </div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="mwg-pam_sm_setcred-description"></a>3.2.2.1. DESCRIPTION</h4></div></div></div><p> The <code class="function">pam_sm_setcred</code> function is the service module's implementation of the <span class="citerefentry"><span class="refentrytitle">pam_setcred</span>(3)</span> interface. </p><p> This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called <span class="emphasis"><em>after</em></span> the user has been authenticated but before a session has been established. </p><p> Valid flags, which may be logically OR'd with <span class="emphasis"><em>PAM_SILENT</em></span>, are: </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_SILENT</span></dt><dd><p> Do not emit any messages. </p></dd><dt><span class="term">PAM_ESTABLISH_CRED</span></dt><dd><p>Initialize the credentials for the user.</p></dd><dt><span class="term">PAM_DELETE_CRED</span></dt><dd><p> Delete the credentials associated with the authentication service. </p></dd><dt><span class="term">PAM_REINITIALIZE_CRED</span></dt><dd><p> Reinitialize the user credentials. </p></dd><dt><span class="term">PAM_REFRESH_CRED</span></dt><dd><p> Extend the lifetime of the user credentials. </p></dd></dl></div><p> The way the <span class="emphasis"><em>auth</em></span> stack is navigated in order to evaluate the <code class="function">pam_setcred</code>() function call, independent of the <code class="function">pam_sm_setcred</code>() return codes, is exactly the same way that it was navigated when evaluating the <code class="function">pam_authenticate</code>() library call. Typically, if a stack entry was ignored in evaluating <code class="function">pam_authenticate</code>(), it will be ignored when libpam evaluates the <code class="function">pam_setcred</code>() function call. Otherwise, the return codes from each module specific <code class="function">pam_sm_setcred</code>() call are treated as <span class="emphasis"><em>required</em></span>. </p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="mwg-pam_sm_setcred-return_values"></a>3.2.2.2. RETURN VALUES</h4></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_CRED_UNAVAIL</span></dt><dd><p> This module cannot retrieve the user's credentials. </p></dd><dt><span class="term">PAM_CRED_EXPIRED</span></dt><dd><p> The user's credentials have expired. </p></dd><dt><span class="term">PAM_CRED_ERR</span></dt><dd><p> This module was unable to set the credentials of the user. </p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p> The user credential was successfully set. </p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p> The user is not known to this authentication module. </p></dd></dl></div><p> These, non-<span class="emphasis"><em>PAM_SUCCESS</em></span>, return values will typically lead to the credential stack <span class="emphasis"><em>failing</em></span>. The first such error will dominate in the return value of <code class="function">pam_setcred</code>(). </p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-expected-of-module-overview.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="mwg-expected-of-module.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="mwg-expected-of-module-acct.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">3.1. Overview </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top"> 3.3. Account management</td></tr></table></div></body></html>