PAM_OPEN_SESSION(3PAM) PAM Library Functions PAM_OPEN_SESSION(3PAM)
NAME
pam_open_session, pam_close_session - perform PAM session creation and
termination operations
SYNOPSIS
cc [
flag ... ]
file ...
-lpam [
library ... ]
#include <security/pam_appl.h>
int pam_open_session(
pam_handle_t *pamh,
int flags);
int pam_close_session(
pam_handle_t *pamh,
int flags);
DESCRIPTION
The
pam_open_session() function is called after a user has been
successfully authenticated. See
pam_authenticate(3PAM) and
pam_acct_mgmt(3PAM). It is used to notify the session modules that a new
session has been initiated. All programs that use the
pam(3PAM) library should invoke
pam_open_session() when beginning a new session.
Upon termination of this activity,
pam_close_session() should be invoked
to inform
pam(3PAM) that the session has terminated.
The
pamh argument is an authentication handle obtained by a prior call to
pam_start(). The following flag may be set in the
flags field for
pam_open_session() and
pam_close_session():
PAM_SILENT The session service should not generate any messages.
RETURN VALUES
Upon successful completion,
PAM_SUCCESS is returned. In addition to the
return values defined in
pam(3PAM), the following value may be returned
on error:
PAM_SESSION_ERR Cannot make or remove an entry for the specified
session.
ATTRIBUTES
See
attributes(7) for description of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Stable |
+--------------------+-------------------------+
|MT-Level | MT-Safe with exceptions |
+--------------------+-------------------------+
SEE ALSO
getutxent(3C),
pam(3PAM),
pam_acct_mgmt(3PAM),
pam_authenticate(3PAM),
pam_start(3PAM),
attributes(7)NOTES
In many instances, the
pam_open_session() and
pam_close_session() calls
may be made by different processes. For example, in UNIX the
login process opens a session, while the
init process closes the session. In
this case,
UTMP/WTMP entries may be used to link the call to
pam_close_session() with an earlier call to
pam_open_session(). This is
possible because
UTMP/WTMP entries are uniquely identified by a
combination of attributes, including the user login name and device name,
which are accessible through the
PAM handle,
pamh. The call to
pam_open_session() should precede
UTMP/WTMP entry management, and the
call to
pam_close_session() should follow
UTMP/WTMP exit management.
The interfaces in
libpam are MT-Safe only if each thread within the
multithreaded application uses its own
PAM handle.
October 13, 1998
PAM_OPEN_SESSION(3PAM)