Section: Linux-PAM Manual (3)
pam_setcred - establish / delete user credentials
int pam_setcred(pam_handle_t *pamh, int flags);
function is used to establish, maintain and delete the credentials of a user. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with
pam_open_session(3)). The credentials should be deleted after the session has been closed (with
A credential is something that the user possesses. It is some property, such as a
ticket, or a supplementary group membership that make up the uniqueness of a given user. On a Linux system the user's
GID's are credentials too. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example,
(or equivalent) should have been performed.
flags, any one of which, may be logically OR'd with
Initialize the credentials for the user.
Delete the user's credentials.
Fully reinitialize the user's credentials.
Extend the lifetime of the existing credentials.
Memory buffer error.
Failed to set user credentials.
User credentials are expired.
Failed to retrieve user credentials.
Data was successful stored.
A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occurred.
User is not known to an authentication module.