pam_sm_setcred - PAM service function to alter credentials
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
const char **argv);
The pam_sm_setcred function is the service module's implementation of
the pam_setcred(3) interface.
This function performs the task of altering the credentials of the user
with respect to the corresponding authorization scheme. Generally, an
authentication module may have access to more information about a user
than their authentication token. This function is used to make such
information available to the application. It should only be called
after the user has been authenticated but before a session has been
Valid flags, which may be logically OR'd with PAM_SILENT, are:
Do not emit any messages.
Initialize the credentials for the user.
Delete the credentials associated with the authentication service.
Reinitialize the user credentials.
Extend the lifetime of the user credentials.
The way the auth stack is navigated in order to evaluate the
pam_setcred() function call, independent of the pam_sm_setcred() return
codes, is exactly the same way that it was navigated when evaluating
the pam_authenticate() library call. Typically, if a stack entry was
ignored in evaluating pam_authenticate(), it will be ignored when
libpam evaluates the pam_setcred() function call. Otherwise, the return
codes from each module specific pam_sm_setcred() call are treated as
This module cannot retrieve the user's credentials.
The user's credentials have expired.
This module was unable to set the credentials of the user.
The user credential was successfully set.
The user is not known to this authentication module.
These, non-PAM_SUCCESS, return values will typically lead to the
credential stack failing. The first such error will dominate in the
return value of pam_setcred().
pam(3), pam_authenticate(3), pam_setcred(3), pam_sm_authenticate(3),