Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_open_session(3) [redhat man page]

PAM_OPEN_SESSION(3)					     App. Programmers' Manual					       PAM_OPEN_SESSION(3)

NAME

       pam_open/close_session - PAM session management

SYNOPSIS

       #include <security/pam_appl.h>

       int pam_open_session(pam_handle_t *pamh, int  flags);

       int pam_close_session(pam_handle_t *pamh, int  flags);

DESCRIPTION

       PAM provides management-hooks for the initialization and termination of a session.

       pam_open_session
	      Use  this function to signal that an authenticated user session has begun. It should be called only after the user is properly iden-
	      tified and (where necessary) has been granted their credentials with pam_authenticate(3) and pam_setcred(3) respectively.

	      Some types of functions associated with session initialization are logging for the purposes of system-audit and mounting directories
	      (the  user's  home  directory  for  example).  These  should not concern the application. It should be noted that the effective uid,
	      geteuid(2), of the application should be of sufficient privilege to perform such tasks.

       pam_close_session
	      Use this function to signal that a user session has terminated. In general this function may not need to	be  located  in  the  same
	      application as the initialization function, pam_open_session.

	      Typically,  this	function will undo the actions of pam_open_session.  That is, log audit information concerning the end of the user
	      session or unmount the user's home directory. Apart from having sufficient privilege the details of the session  termination  should
	      not  concern  the  calling application. It is good programming practice, however, to cease acting on behalf of the user on returning
	      from this call.

RETURN VALUE

       A successful return from the session management functions will be indicated with PAM_SUCCESS.

       The specific error indicating a failure to open or close a session is PAM_SESSION_ERR.  In general other return	values	may  be  returned.
       They should be treated as indicating failure.

ERRORS

       May be translated to text with pam_strerror(3).

CONFORMING TO

       OSF-RFC 86.0, October 1995.

BUGS

       none known.

SEE ALSO

       pam_start(3), pam_authenticate(3), pam_setcred(3), pam_get_item(3), pam_strerror(3) and pam(3).

       Also, see the three Linux-PAM Guides, for System administrators, module developers, and application developers.

Linux-PAM 0.55							    1997 Jan 4						       PAM_OPEN_SESSION(3)

Check Out this Related Man Page

PAM_SETCRED(3)							 Linux-PAM Manual						    PAM_SETCRED(3)

NAME

       pam_setcred - establish / delete user credentials

SYNOPSIS

       #include <security/pam_appl.h>

       int pam_setcred(pam_handle_t *pamh, int flags);

DESCRIPTION

       The pam_setcred function is used to establish, maintain and delete the credentials of a user. It should be called to set the credentials
       after a user has been authenticated and before a session is opened for the user (with pam_open_session(3)). The credentials should be
       deleted after the session has been closed (with pam_close_session(3)).

       A credential is something that the user possesses. It is some property, such as a Kerberos ticket, or a supplementary group membership that
       make up the uniqueness of a given user. On a Linux system the user's UID and GID's are credentials too. However, it has been decided that
       these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by
       the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example,
       initgroups(2) (or equivalent) should have been performed.

       Valid flags, any one of which, may be logically OR'd with PAM_SILENT, are:

       PAM_ESTABLISH_CRED
	   Initialize the credentials for the user.

       PAM_DELETE_CRED
	   Delete the user's credentials.

       PAM_REINITIALIZE_CRED
	   Fully reinitialize the user's credentials.

       PAM_REFRESH_CRED
	   Extend the lifetime of the existing credentials.

RETURN VALUES

       PAM_BUF_ERR
	   Memory buffer error.

       PAM_CRED_ERR
	   Failed to set user credentials.

       PAM_CRED_EXPIRED
	   User credentials are expired.

       PAM_CRED_UNAVAIL
	   Failed to retrieve user credentials.

       PAM_SUCCESS
	   Data was successful stored.

       PAM_SYSTEM_ERR
	   A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occured.

       PAM_USER_UNKNOWN
	   User is not known to an authentication module.

SEE ALSO

       pam_authenticate(3), pam_open_session(3), pam_close_session(3), pam_strerror(3)

Linux-PAM Manual						    09/19/2013							    PAM_SETCRED(3)
Man Page