HP-UX Reference (11i v1 05/09) - 3 Library Functions N-Z (vol 7)

pam(3) pam(3)
To perform session management, applications call pam_open_session(). For example, the system may
want to store the total time for the session. The function pam_close_session() closes the current
session.
When necessary, applications can call pam_get_item() and pam_set_item() to access and update
specific authentication information. Such information may include the current username.
To terminate an authentication transaction, the application simply calls pam_end(), which frees
previously allocated space used to store authentication information.
Application - Authentication Service Interactive Interface
The authentication service in PAM does not communicate directly with the user; instead it relies on the
application to perform all such interactions. The application passes a pointer to the function, conv(),
along with any associated application data pointers, through a pam_conv structure to the authentication
service when it initiates an authentication transaction (via a call to pam_start()). The service will then
use the function, conv(), to prompt the user for data, output error messages, and display text
information. Refer to pam_start(3) for more information.
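Added example, not part of the HP-UX manual: a non-interactive conv() callback of the kind an application passes through the pam_conv structure to pam_start(), answering hidden-input prompts from its application data pointer and failing closed on anything it cannot answer. It assumes the Linux-PAM prototype and message layout (other platforms' headers may declare these differently); struct app_creds, MAX_MSGS, fail() and noninteractive_conv() are hypothetical names, and the stand-in declarations apply only where no PAM header is installed.

```c
#include <stdlib.h>
#include <string.h>
#if defined(__has_include) && __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#endif
#ifndef PAM_SUCCESS /* no PAM header on this host: stand-in declarations, values assumed */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1,
       PAM_PROMPT_ECHO_ON = 2, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4 };
#endif
#define MAX_MSGS 32 /* hypothetical sanity bound on num_msg */

/* Hypothetical application data handed over through appdata_ptr. */
struct app_creds { const char *secret; int info_msgs; };

/* Wipe and free a partly built reply array; volatile keeps the wipe in place. */
static int fail(struct pam_response *r, int n, int code)
{
    for (int i = 0; i < n; i++) {
        for (volatile char *p = r[i].resp; p && *p; p++) *p = 0;
        free(r[i].resp);
    }
    free(r);
    return code;
}

/* Non-interactive conv(): answers hidden-input prompts from app_creds, counts
 * error/info messages, refuses the rest. Assumes msg is an array of pointers. */
int noninteractive_conv(int num_msg, const struct pam_message **msg,
                        struct pam_response **resp, void *appdata_ptr)
{
    struct app_creds *ac = appdata_ptr;
    if (num_msg <= 0 || num_msg > MAX_MSGS || !msg || !resp || !ac) return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)num_msg, sizeof *r);
    if (!r) return PAM_BUF_ERR;
    for (int i = 0; i < num_msg; i++) {
        int style = msg[i]->msg_style;
        if (style == PAM_ERROR_MSG || style == PAM_TEXT_INFO) {
            ac->info_msgs++; /* a real application would log msg[i]->msg */
        } else if (style == PAM_PROMPT_ECHO_OFF && ac->secret) {
            size_t len = strlen(ac->secret) + 1;
            if (!(r[i].resp = malloc(len))) return fail(r, num_msg, PAM_BUF_ERR);
            memcpy(r[i].resp, ac->secret, len);
        } else { /* e.g. PAM_PROMPT_ECHO_ON: nobody to ask */
            return fail(r, num_msg, PAM_CONV_ERR);
        }
    }
    *resp = r;
    return PAM_SUCCESS;
}
```

On success the caller owns the reply array and each resp string, so a secret returned this way should be wiped before it is freed.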
Stacking Multiple Schemes
The PAM architecture enables authentication by multiple authentication services through stacking. System
entry applications, such as login(1), stack multiple service modules to authenticate users with multiple
authentication services. The order in which authentication service modules are stacked is specified in the
configuration file, pam.conf(4). A system administrator determines this ordering, and also determines
whether the same password can be used for all authentication services.
Administrative Interface
The authentication library, /usr/lib/libpam.1, implements the framework interface. Various
authentication services are implemented by their own loadable modules whose paths are specified through
the pam.conf(4) file.
User Configuration
The system administrator can determine a policy by user. These policies are specified in the
configuration files pam.conf(4) and pam_user.conf(4).
APPLICATION USAGE
No PAM functions are safe to be called by a multithreaded application.
RETURN VALUES
The PAM functions may return one of the following generic values, or one of the values defined in the
specific man pages:
PAM_SUCCESS        Successful function return.
PAM_OPEN_ERR       shl_load() failure when dynamically loading a service module.
PAM_SYMBOL_ERR     Symbol not found.
PAM_SERVICE_ERR    Error in service module.
PAM_SYSTEM_ERR     System error.
PAM_BUF_ERR        Memory buffer error.
PAM_CONV_ERR       Conversation failure.
PAM_PERM_DENIED    Permission denied.
WARNINGS
Please note that all the PAM APIs and the data structures are subject to change without notice.
SEE ALSO
pam_authenticate(3), pam_open_session(3), pam_chauthtok(3), pam_set_item(3), pam_setcred(3),
pam_sm(3), pam_start(3), pam_strerror(3), pam.conf(4), pam_user.conf(4).
Section 3624 Hewlett-Packard Company 2 HP-UX 11i Version 1: September 2005