priv_pam_start, priv_pam_end, priv_pam_* - activating Linux-PAM
#include <privman.h>
int priv_pam_start(const char *service, const char *user, const struct pam_conv *conv, pam_handle_t **pamh_p);
int priv_pam_end(pam_handle_t *pamh, int pam_status);
int priv_pam_authenticate(pam_handle_t *pamh, int flags);
int priv_pam_open_session(pam_handle_t *pamh, int flags);
int priv_pam_close_session(pam_handle_t *pamh, int flags);
int priv_pam_acct_mgmt(pam_handle_t *pamh, int flags);
int priv_pam_setcred(pam_handle_t *pamh, int flags);
int priv_pam_chauthtok(pam_handle_t *pamh, int flags);
int priv_pam_set_item(pam_handle_t *pamh, int item_type, const void *item);
int priv_pam_get_item(pam_handle_t *pamh, int item_type, const void **item);
int priv_pam_putenv(pam_handle_t *pamh, const char *name_value);
int priv_pam_getenv(pam_handle_t *pamh, const char *name);
int priv_pam_fail_delay(pam_handle_t *pamh, unsigned int usec);
The priv_pam methods parallel the PAM methods. See the documentation for PAM for more details.
In general, all the methods are proxied, and actually run in the context of the Privman process. If the provided conv function is run, it will be run in the context of the unprivileged process.
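The split described above can be modelled without Privman or PAM installed. The following is an added example, not Privman's code: the message layout and every name in it are invented for illustration, no privileges are dropped and no PAM stack is consulted. It forwards an authenticate call to a second process over a socketpair and shows that the prompt callback runs in the caller while the verdict is computed in the other process.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy model: message layout and all names are invented, not Privman's. */
enum { MSG_PROMPT = 1, MSG_RESULT = 2 };
struct msg { int type; int status; pid_t pid; char text[64]; };
static pid_t conv_pid; /* pid in which the conversation callback ran */

/* Conversation callback: buf holds the prompt on entry, the answer on return.
 * It runs in the calling (unprivileged-side) process. */
static void demo_conv(char *buf, size_t n) {
    conv_pid = getpid();
    strncpy(buf, "constructed-secret", n - 1); /* constructed input */
    buf[n - 1] = '\0';
}

/* Monitor side: requests the secret, then makes the decision itself. */
static void monitor(int fd) {
    struct msg m = { MSG_PROMPT, 0, getpid(), "Password: " };
    if (write(fd, &m, sizeof m) != (ssize_t)sizeof m) _exit(1);
    if (read(fd, &m, sizeof m) != (ssize_t)sizeof m) _exit(1);
    m.status = strcmp(m.text, "constructed-secret") ? 1 : 0;
    m.type = MSG_RESULT;
    m.pid = getpid(); /* do not trust the value echoed by the client */
    if (write(fd, &m, sizeof m) != (ssize_t)sizeof m) _exit(1);
    _exit(0);
}

/* Client stub: answers prompts locally until the monitor sends a verdict.
 * Returns 0 on success, 1 on rejection, -1 on error. */
int proxied_authenticate(pid_t *decided_by) {
    int sv[2];
    struct msg m = { 0, 0, 0, "" };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t child = fork();
    if (child < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (child == 0) { close(sv[0]); monitor(sv[1]); }
    close(sv[1]);
    while (read(sv[0], &m, sizeof m) == (ssize_t)sizeof m && m.type == MSG_PROMPT) {
        demo_conv(m.text, sizeof m.text);
        if (write(sv[0], &m, sizeof m) != (ssize_t)sizeof m) break;
    }
    close(sv[0]);
    waitpid(child, NULL, 0);
    *decided_by = m.pid;
    return m.type == MSG_RESULT ? m.status : -1;
}
```

In this model the secret passes through the caller's address space before it reaches the deciding process, which is the practical consequence of running the conv function on the unprivileged side.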
${prefix}/etc/privman.d/appname
The application's configuration file. See privman_conf(5) for more details. For an application to use the priv_pam methods, the "auth" configuration statement must be true.
priv_pam_getenv and priv_pam_setenv are not currently implemented, and may have the wrong prototype.
Implement priv_pam_getenv and priv_pam_setenv.
Network Associates. Send email to <privman@nailabs.com>
priv_bind(3), priv_daemon(3), priv_execve(3), priv_fopen(3), priv_fork(3), priv_init(3), privman_conf(5), priv_open(3), priv_rerunas(3), privman(7)
Also see the "check_user" sample program provided with the Privman distribution for a minimal example of authentication via PAM.