Specifications
Red Hat Enterprise Linux to Oracle Solaris Porting Guide
86
TABLE 9-2. SEQUENCE OF FUNCTION CALLS DURING PAM INVOCATION
STEP-BY-STEP SEQUENCE ACTUAL SEQUENCE OF FUNCTION CALLS
The application initializes the library with a call to
pam_start().
The server calls pam_start(3) to initialize the PAM library,
specify its service name and the target account, and register a
suitable conversation function.
#include <security/pam_appl.h>
Int pam_start(const char *service, const
char *user,
const struct pam_conv *pam_conv,
pam_handle_t **pamh);
The server obtains various information relating to the
transaction (such as the applicant's user name and the name
of the host the client runs on) and submits it to PAM using
pam_set_item(3).
#include <security/pam_appl.h>
Int pam_set_item(pam_handle_t *pamh, int
item_type, const void *item);
The server calls pam_authenticate(3) to authenticate the
applicant.
#include <security/pam_appl.h>
int pam_authenticate(pam_handle_t *pamh,
int flags);
Once a user has been authenticated, the pam_acct_mgmt()
function is used to establish whether the user is permitted to
log in at this time.
The server calls pam_acct_mgmt(3) to verify that the
requested account is available and valid. If the password is
correct but has expired, pam_acct_mgmt(3) will return
PAM_NEW_AUTHTOK_REQD instead of PAM_SUCCESS.
#include <security/pam_appl.h>
int pam_acct_mgmt(pam_handle_t *pamh, int
flags);