{ "content": [ { "type": "text", "text": "# pam (man)\n\n## NAME\n\npam - Pluggable Authentication Modules Library\n\n## SYNOPSIS\n\n#include \n#include \n#include \n\n## DESCRIPTION\n\nPAM is a system of libraries that handle the authentication tasks of applications (services)\non the system. The library provides a stable general interface (Application Programming\nInterface - API) that privilege granting programs (such as login(1) and su(1)) defer to to\nperform standard authentication tasks.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION** (8 subsections)\n- **RETURN VALUES**\n- **SEE ALSO**\n- **NOTES**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "pam", "section": "", "mode": "man", "summary": "pam - Pluggable Authentication Modules Library", "synopsis": "#include \n#include \n#include ", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [ { "name": "pamacctmgmt", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamacctmgmt/3/json" }, { "name": "pamauthenticate", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamauthenticate/3/json" }, { "name": "pamchauthtok", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamchauthtok/3/json" }, { "name": "pamclosesession", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamclosesession/3/json" }, { "name": "pamconv", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamconv/3/json" }, { "name": "pamend", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamend/3/json" }, { "name": "pamgetdata", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamgetdata/3/json" }, { "name": "pamgetenv", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamgetenv/3/json" }, { "name": "pamgetenvlist", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamgetenvlist/3/json" }, { "name": "pamgetitem", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamgetitem/3/json" }, { "name": "pamgetuser", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamgetuser/3/json" }, { "name": "pamopensession", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamopensession/3/json" }, { "name": "pamputenv", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamputenv/3/json" }, { "name": "pamsetdata", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamsetdata/3/json" }, { "name": "pamsetitem", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamsetitem/3/json" }, { "name": "pamsetcred", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamsetcred/3/json" }, { "name": "pamstart", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamstart/3/json" }, { "name": "pamstrerror", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/pamstrerror/3/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 6, "subsections": [] }, { "name": "DESCRIPTION", "lines": 5, "subsections": [ { "name": "Initialization and Cleanup", "lines": 11 }, { "name": "Authentication", "lines": 6 }, { "name": "Account Management", "lines": 4 }, { "name": "Password Management", "lines": 3 }, { "name": "Session Management", "lines": 4 }, { "name": "Conversation", "lines": 4 }, { "name": "Data Objects", "lines": 8 }, { "name": "Environment and Error Management", "lines": 6 } ] }, { "name": "RETURN VALUES", "lines": 89, "subsections": [] }, { "name": "SEE ALSO", "lines": 5, "subsections": [] }, { "name": "NOTES", "lines": 6, "subsections": [] } ], "sections": { "NAME": { "content": "pam - Pluggable Authentication Modules Library\n", "subsections": [] }, "SYNOPSIS": { "content": "#include \n\n#include \n\n#include \n", "subsections": [] }, "DESCRIPTION": { "content": "PAM is a system of libraries that handle the authentication tasks of applications (services)\non the system. The library provides a stable general interface (Application Programming\nInterface - API) that privilege granting programs (such as login(1) and su(1)) defer to to\nperform standard authentication tasks.\n", "subsections": [ { "name": "Initialization and Cleanup", "content": "The pamstart(3) function creates the PAM context and initiates the PAM transaction. It is\nthe first of the PAM functions that needs to be called by an application. The transaction\nstate is contained entirely within the structure identified by this handle, so it is possible\nto have multiple transactions in parallel. But it is not possible to use the same handle for\ndifferent transactions, a new one is needed for every new context.\n\nThe pamend(3) function terminates the PAM transaction and is the last function an\napplication should call in the PAM context. Upon return the handle pamh is no longer valid\nand all memory associated with it will be invalid. It can be called at any time to terminate\na PAM transaction.\n" }, { "name": "Authentication", "content": "The pamauthenticate(3) function is used to authenticate the user. The user is required to\nprovide an authentication token depending upon the authentication service, usually this is a\npassword, but could also be a finger print.\n\nThe pamsetcred(3) function manages the user's credentials.\n" }, { "name": "Account Management", "content": "The pamacctmgmt(3) function is used to determine if the user's account is valid. It checks\nfor authentication token and account expiration and verifies access restrictions. It is\ntypically called after the user has been authenticated.\n" }, { "name": "Password Management", "content": "The pamchauthtok(3) function is used to change the authentication token for a given user on\nrequest or because the token has expired.\n" }, { "name": "Session Management", "content": "The pamopensession(3) function sets up a user session for a previously successful\nauthenticated user. The session should later be terminated with a call to\npamclosesession(3).\n" }, { "name": "Conversation", "content": "The PAM library uses an application-defined callback to allow a direct communication between\na loaded module and the application. This callback is specified by the struct pamconv passed\nto pamstart(3) at the start of the transaction. See pamconv(3) for details.\n" }, { "name": "Data Objects", "content": "The pamsetitem(3) and pamgetitem(3) functions allows applications and PAM service modules\nto set and retrieve PAM information.\n\nThe pamgetuser(3) function is the preferred method to obtain the username.\n\nThe pamsetdata(3) and pamgetdata(3) functions allows PAM service modules to set and\nretrieve free-form data from one invocation to another.\n" }, { "name": "Environment and Error Management", "content": "The pamputenv(3), pamgetenv(3) and pamgetenvlist(3) functions are for maintaining a set of\nprivate environment variables.\n\nThe pamstrerror(3) function returns a pointer to a string describing the given PAM error\ncode.\n" } ] }, "RETURN VALUES": { "content": "The following return codes are known by PAM:\n\nPAMABORT\nCritical error, immediate abort.\n\nPAMACCTEXPIRED\nUser account has expired.\n\nPAMAUTHINFOUNAVAIL\nAuthentication service cannot retrieve authentication info.\n\nPAMAUTHTOKDISABLEAGING\nAuthentication token aging disabled.\n\nPAMAUTHTOKERR\nAuthentication token manipulation error.\n\nPAMAUTHTOKEXPIRED\nAuthentication token expired.\n\nPAMAUTHTOKLOCKBUSY\nAuthentication token lock busy.\n\nPAMAUTHTOKRECOVERYERR\nAuthentication information cannot be recovered.\n\nPAMAUTHERR\nAuthentication failure.\n\nPAMBUFERR\nMemory buffer error.\n\nPAMCONVERR\nConversation failure.\n\nPAMCREDERR\nFailure setting user credentials.\n\nPAMCREDEXPIRED\nUser credentials expired.\n\nPAMCREDINSUFFICIENT\nInsufficient credentials to access authentication data.\n\nPAMCREDUNAVAIL\nAuthentication service cannot retrieve user credentials.\n\nPAMIGNORE\nThe return value should be ignored by PAM dispatch.\n\nPAMMAXTRIES\nHave exhausted maximum number of retries for service.\n\nPAMMODULEUNKNOWN\nModule is unknown.\n\nPAMNEWAUTHTOKREQD\nAuthentication token is no longer valid; new one required.\n\nPAMNOMODULEDATA\nNo module specific data is present.\n\nPAMOPENERR\nFailed to load module.\n\nPAMPERMDENIED\nPermission denied.\n\nPAMSERVICEERR\nError in service module.\n\nPAMSESSIONERR\nCannot make/remove an entry for the specified session.\n\nPAMSUCCESS\nSuccess.\n\nPAMSYMBOLERR\nSymbol not found.\n\nPAMSYSTEMERR\nSystem error.\n\nPAMTRYAGAIN\nFailed preliminary check by password service.\n\nPAMUSERUNKNOWN\nUser not known to the underlying authentication module.\n", "subsections": [] }, "SEE ALSO": { "content": "pamacctmgmt(3), pamauthenticate(3), pamchauthtok(3), pamclosesession(3), pamconv(3),\npamend(3), pamgetdata(3), pamgetenv(3), pamgetenvlist(3), pamgetitem(3),\npamgetuser(3), pamopensession(3), pamputenv(3), pamsetdata(3), pamsetitem(3),\npamsetcred(3), pamstart(3), pamstrerror(3)\n", "subsections": [] }, "NOTES": { "content": "The libpam interfaces are only thread-safe if each thread within the multithreaded\napplication uses its own PAM handle.\n\n\n\nLinux-PAM Manual 06/08/2020 PAM(3)", "subsections": [] } } } }