Specifications

Red Hat Enterprise Linux to Oracle Solaris Porting Guide
TABLE 9-2. SEQUENCE OF FUNCTION CALLS DURING PAM INVOCATION
STEP-BY-STEP SEQUENCE ACTUAL SEQUENCE OF FUNCTION CALLS
Modules of account-management type can be used to restrict
users from logging in at certain times of the day or week or for
enforcing password expiration. In this case, users are
prevented from gaining access to the system until they have
successfully updated their password with the
pam_chauthtok() function.
If the previous step returned PAM_NEW_AUTHTOK_REQD, the
server now calls pam_chauthtok(3) to force the client to
change the authentication token for the requested account.
#include <security/pam_appl.h>
int pam_chauthtok(pam_handle_t *pamh, const int flags);
pam_setcred() establishes and releases the PAM-
configurable identity of the user. This can include credentials
such as access tickets and supplementary group
memberships.
Now that the applicant has been properly authenticated, the
server calls pam_setcred(3) to establish the credentials of
the requested account. It is able to do this because it acts on
behalf of the arbitrator and holds the arbitrator's credentials.
pam_open_session() and pam_close_session() mark
the beginning and end of the PAM-authenticated session.
Session initialization and termination typically include tasks
such as making a system resource available (mounting the
user's home directory) and establishing an audit trail.
Once the correct credentials have been established, the server
calls pam_open_session(3) to set up the session.
#include <security/pam_appl.h>
int pam_open_session(pam_handle_t *pamh, int flags);
Once the server is done serving the client, it calls
pam_close_session(3) to tear down the session.
#include <security/pam_appl.h>
int pam_close_session(pam_handle_t *pamh, int flags);
With a call to pam_end(), the login application breaks its
connection to the PAM library. The PAMs are unloaded, and
the dynamically allocated memory is scrubbed and returned to
the system.
Finally, the server calls pam_end(3) to notify the PAM library
that it is done and that it can release whatever resources it has
allocated in the course of the transaction.
#include <security/pam_appl.h>
int pam_end(pam_handle_t *pamh, int status);
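
The call order in Table 9-2, extended beyond the table's success path to the failure paths, as an added example that is not from the porting guide: each pam_*() call is modeled as a traced step so the logic runs without libpam. The return codes, step letters and the `call`, `run_session` and `simulate` helpers are constructed stand-ins (assumptions), not libpam definitions.

```c
#include <string.h>

/* Constructed stand-ins for libpam return codes; not the real values. */
enum { OK = 0, NEW_AUTHTOK_REQD = 1, DENIED = 2 };
/* One letter per call, appended to the trace in call order. */
enum step { ACCT = 'A', CHTOK = 'P', CRED_SET = 'E', SESS_OPEN = 'O',
            SERVE = 'S', SESS_CLOSE = 'C', CRED_DEL = 'D', END = 'X' };

/* `at` is the step scripted to return `rc`; every other step returns OK. */
struct script { int at; int rc; char trace[16]; size_t n; };

/* Hypothetical seam: a real server would call the matching pam_*() here. */
static int call(struct script *s, enum step st)
{
    s->trace[s->n++] = (char)st;
    s->trace[s->n] = '\0';
    return st == (enum step)s->at ? s->rc : OK;
}

/* Drive the sequence; unwind only what was set up, always finish with END. */
static int run_session(struct script *s)
{
    int rc, r, cred = 0, sess = 0;

    rc = call(s, ACCT);                       /* account-management check */
    if (rc == NEW_AUTHTOK_REQD)
        rc = call(s, CHTOK);                  /* forced token change */
    if (rc != OK) goto out;
    if ((rc = call(s, CRED_SET)) != OK) goto out;
    cred = 1;
    if ((rc = call(s, SESS_OPEN)) != OK) goto out;
    sess = 1;
    rc = call(s, SERVE);                      /* serve the client */
out:
    if (sess && (r = call(s, SESS_CLOSE)) != OK && rc == OK) rc = r;
    if (cred && (r = call(s, CRED_DEL)) != OK && rc == OK) rc = r;
    call(s, END);                             /* pam_end(pamh, rc) in real code */
    return rc;
}

/* Run with step `at` scripted to return `rc`; returns the call trace. */
const char *simulate(int at, int rc)
{
    static struct script s;
    memset(&s, 0, sizeof s);
    s.at = at; s.rc = rc;
    run_session(&s);
    return s.trace;
}
```

In a real server the CRED_DEL step corresponds to pam_setcred() with the PAM_DELETE_CRED flag, and the value passed to pam_end() is the status of the last PAM call.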