1 .\" Hey Emacs! This file is -*- nroff -*- source.
2 .\" $Id: pam_open_session.3,v 1.2 1997/02/15 18:49:02 morgan Exp $
3 .\" $FreeBSD: src/contrib/libpam/doc/man/pam_open_session.3,v 1.2.6.2 2001/06/11 15:28:11 markm Exp $
4 .\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
5 .TH PAM_OPEN_SESSION 3 "1997 Jan 4" "PAM 0.55" "App. Programmers' Manual"
8 pam_open/close_session \- PAM session management
11 .B #include <security/pam_appl.h>
13 .BI "int pam_open_session(pam_handle_t " *pamh ", int " flags ");"
15 .BI "int pam_close_session(pam_handle_t " *pamh ", int " flags ");"
19 PAM provides management-hooks for the initialization and termination
25 Use this function to signal that an authenticated user session has
26 begun. It should be called only after the user is properly identified
27 and (where necessary) has been granted their credentials with
28 .BR pam_authenticate "(3)"
34 Some types of functions associated with session
35 initialization are logging for the purposes of system-audit and
36 mounting directories (the user's home directory for example). These
37 should not concern the application. It should be noted that the
41 of the application should be of sufficient privilege to perform such
47 Use this function to signal that a user session has
48 terminated. In general this function may not need to be located in the
49 same application as the initialization function,
50 .BR pam_open_session "."
53 Typically, this function will undo the actions of
54 .BR pam_open_session "."
55 That is, log audit information concerning the end of the user session
56 or unmount the user's home directory. Apart from having sufficient
57 privilege the details of the session termination should not concern
58 the calling application. It is good programming practice, however, to
59 cease acting on behalf of the user on returning from this call.
62 A successful return from the session management functions will be
67 The specific error indicating a failure to open or close a session is
68 .BR PAM_SESSION_ERR "."
69 In general other return values may be returned. They should be treated
70 as indicating failure.
73 May be translated to text with
74 .BR pam_strerror "(3). "
77 OSF-RFC 86.0, October 1995.
86 .BR pam_authenticate "(3), "
87 .BR pam_setcred "(3), "
88 .BR pam_get_item "(3), "
89 .BR pam_strerror "(3) "
97 .BR "System administrators" ", "
98 .BR "module developers" ", "
100 .BR "application developers" ". "