Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages

OpenSolaris 2009.06 - man page for authen::pam (opensolaris section 3)

PAM(3)			       User Contributed Perl Documentation			   PAM(3)

       Authen::PAM - Perl interface to PAM library

	 use Authen::PAM;

	 $res = pam_start($service_name, $pamh);
	 $res = pam_start($service_name, $user, $pamh);
	 $res = pam_start($service_name, $user, \&my_conv_func, $pamh);
	 $res = pam_end($pamh, $pam_status);

	 $res = pam_authenticate($pamh, $flags);
	 $res = pam_setcred($pamh, $flags);
	 $res = pam_acct_mgmt($pamh, $flags);
	 $res = pam_open_session($pamh, $flags);
	 $res = pam_close_session($pamh, $flags);
	 $res = pam_chauthtok($pamh, $flags);

	 $error_str = pam_strerror($pamh, $errnum);

	 $res = pam_set_item($pamh, $item_type, $item);
	 $res = pam_get_item($pamh, $item_type, $item);

	     $res = pam_putenv($pamh, $name_value);
	     $val = pam_getenv($pamh, $name);
	     %env = pam_getenvlist($pamh);

	     $res = pam_fail_delay($pamh, $musec_delay);
	     $res = pam_set_item($pamh, PAM_FAIL_DELAY(), \&my_fail_delay_func);

       The Authen::PAM module provides a Perl interface to the PAM library. The only difference
       with the standard PAM interface is that instead of passing a pam_conv struct which has an
       additional context parameter appdata_ptr, you must only give an address to a conversation
       function written in Perl (see below).

       If you want to pass a NULL pointer as a value of the $user in pam_start use undef or the
       two-argument version. Both in the two and the three-argument versions of pam_start a
       default conversation function is used (Authen::PAM::pam_default_conv).

       The $flags argument is optional for all functions which use it except for pam_setcred. The
       $pam_status argument is also optional for pam_end function. Both of these arguments will
       be set to 0 if not given.

       The names of some constants from the PAM library have changed over the time. You can use
       any of the known names for a given constant although it is advisable to use the latest

       When this module supports some of the additional features of the PAM library (e.g.
       pam_fail_delay) then the corresponding HAVE_PAM_XXX constant will have a value 1 otherwise
       it will return 0.

       For compatibility with older PAM libraries I have added the constant HAVE_PAM_ENV_FUNC-
       TIONS which is true if your PAM library has the functions for handling environment vari-
       ables (pam_putenv, pam_getenv, pam_getenvlist).

       Object Oriented Style

       If you prefer to use an object oriented style for accessing the PAM library here is the

	 use Authen::PAM qw(:constants);

	 $pamh = new Authen::PAM($service_name);
	 $pamh = new Authen::PAM($service_name, $user);
	 $pamh = new Authen::PAM($service_name, $user, \&my_conv_func);

	 ref($pamh) || die "Error code $pamh during PAM init!";

	 $res = $pamh->pam_authenticate($flags);
	 $res = $pamh->pam_setcred($flags);
	 $res = $pamh->pam_acct_mgmt($flags);
	 $res = $pamh->pam_open_session($flags);
	 $res = $pamh->pam_close_session($flags);
	 $res = $pamh->pam_chauthtok($flags);

	 $error_str = $pamh->pam_strerror($errnum);

	 $res = $pamh->pam_set_item($item_type, $item);
	 $res = $pamh->pam_get_item($item_type, $item);

	 $res = $pamh->pam_putenv($name_value);
	 $val = $pamh->pam_getenv($name);
	 %env = $pamh->pam_getenvlist;

       The constructor new will call the pam_start function and if successfull will return an
       object reference. Otherwise the $pamh will contain the error number returned by pam_start.
       The pam_end function will be called automatically when the object is no longer referenced.


       Here is an example of using PAM for changing the password of the current user:

	 use Authen::PAM;

	 $login_name = getpwuid($<);

	 pam_start("passwd", $login_name, $pamh);

       or the same thing but using OO style:

	 $pamh = new Authen::PAM("passwd", $login_name);
	 $pamh = 0;  # Force perl to call the destructor for the $pamh

       Conversation function format

       When starting the PAM the user must supply a conversation function.  It is used for inter-
       action between the PAM modules and the user. The argument of the function is a list of
       pairs ($msg_type, $msg) and it must return a list with the same number of pairs
       ($resp_retcode, $resp) with replies to the input messages. For now the $resp_retcode is
       not used and must be always set to 0. In addition the user must append to the end of the
       resulting list the return code of the conversation function (usually PAM_SUCCESS). If you
       want to abort the conversation function for some reason then just return an error code,
       normally PAM_CONV_ERR.

       Here is a sample form of the PAM conversation function:

	 sub my_conv_func {
	     my @res;
	     while ( @_ ) {
		 my $msg_type = shift;
		 my $msg = shift;

		 print $msg;

		# switch ($msg_type) { obtain value for $ans; }

		push @res, (0,$ans);
	     push @res, PAM_SUCCESS();
	     return @res;

       More examples can be found in the Authen::PAM:FAQ.

       The following constant names: PAM_AUTHTOKEN_REQD, PAM_CRED_ESTABLISH, PAM_CRED_DELETE,
       PAM_CRED_REINITIALIZE, PAM_CRED_REFRESH are used by some older version of the Linux-PAM
       library and are not exported by default. If you really want them, load the module with

	 use Authen::PAM qw(:DEFAULT :old);

       This module still does not support some of the new Linux-PAM functions such as pam_sys-

       PAM Application developer's Manual, Authen::PAM::FAQ

       Nikolay Pelov <NIKIP at cpan.org>

       Copyright (c) 1998-2005 Nikolay Pelov. All rights reserved. This program is free software;
       you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.8.4				    2005-06-30					   PAM(3)

All times are GMT -4. The time now is 01:03 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password