- modify or delete user credentials for an authentication service
cc [ flag ... ] file ... -lpam [ library ... ] #include <security/pam_appl.h> int pam_setcred(pam_handle_t *pamh, int flags);
The pam_setcred() function is used to establish, modify, or delete user credentials. It is typically called after the user has been authenticated and after a session has been validated. See pam_authenticate(3PAM) and pam_acct_mgmt(3PAM).
The user is specified by a prior call to pam_start() or pam_set_item(), and is referenced by the authentication handle, pamh. The following flags may be set in the flags field. Note that the first four flags are mutually exclusive:
Set user credentials for an authentication service.
Delete user credentials associated with an authentication service.
Reinitialize user credentials.
Extend lifetime of user credentials.
Authentication service should not generate any messages.
If no flag is set, PAM_ESTABLISH_CRED is used as the default.
Upon success, pam_setcred() returns PAM_SUCCESS. In addition to the error return values described in pam(3PAM) the following values may be returned upon error:
Underlying authentication service can not retrieve user credentials unavailable.
User credentials expired.
User unknown to underlying authentication service.
Failure setting user credentials.
See attributes(5) for description of the following attributes:
The interfaces in libpam are MT-Safe only if each thread within the multithreaded application uses its own PAM handle.