Specifications
Red Hat Enterprise Linux to Oracle Solaris Porting Guide
88
Differences in PAM Data Structures and Function Calls
The following table lists the differences in data structures used by PAM on the two platforms.
TABLE 9-3. DATA STRUCTURE AND FUNCTION CALLS
RHEL ORACLE SOLARIS 11
Inside pam_start(), structure pam_message is defined
as follows:
struct pam_message {
int msg_style;
const char *msg;
};
Linux-PAM interprets the msg argument as entirely equivalent
to the following prototype:
const struct pam_message *msg[]
In Oracle Solaris, pam_message is defined as follows:
struct pam_message{
int msg_style;
char *msg; // <~~~~~ Not
defined as const
};
Oracle Solaris PAM implementation interprets this argument as
a pointer to a pointer to an array of num_msg pam_message
structures.
The pam_set_item() and pam_get_item() functions in
Linux are defined under security/pam_modules.h.
In Oracle Solaris, pam_set_item() and pam_get_item are
located in security/pam_appl.h.
item_type values supported in pam_set_item() are as
follows:
PAM_AUSER, PAM_AUTHTOK, PAM_CONV, PAM_OLDAUTHTOK,
PAM_RESOURCE, PAM_RHOST, PAM_RUSER, PAM_SERVICE,
PAM_TTY, PAM_USER, PAM_USER_PROMPT, and
PAM_REPOSITORY
The item_type PAM_SERVICE can be set only by
pam_start() and is read-only to both applications and
service modules.
For security reasons, the item_type PAM_AUTHTOK and
PAM_OLDAUTHTOK are available only to the module providers.
Return value PAM_BAD_ITEM is missing in Oracle Solaris;
instead, it has PAM_OPEN_ERR - dlopen() failed when
dynamically loading a service module.
PAM_SYMBOL_ERR means a symbol was not found.
PAM_SERVICE_ERR means there was an error in a service
module.
PAM_CONV_ERR
indicates a conversation failure.