PAM consumers must be linked with the PAM library libpam. Before an application can use any service that is provided by the modules, the application must initialize its instance of the PAM library by calling pam_start(3PAM). The call to pam_start() initializes a handle that must be passed to all subsequent PAM calls. When an application is finished with the PAM services, pam_end() is called to clean up any data that was used by the PAM library.
Communication between the PAM application and the PAM modules takes place through items. For example, the following items are useful for initialization:
PAM_USER – Currently authenticated user
PAM_AUTHTOK – Password
PAM_USER_PROMPT – User name prompt
PAM_TTY – Terminal through which the user communication takes place
PAM_RHOST – Remote host through which the user enters the system
PAM_REPOSITORY – Any restrictions on the user account repository
PAM_RESOURCE – Any controls on resources
For a complete list of available items, see pam_set_item(3PAM). Items can be set by the application through pam_set_item(3PAM). Values that have been set by the modules can be retrieved by the application through pam_get_item(3PAM). However, PAM_AUTHTOK and PAM_OLDAUTHTOK cannot be retrieved by the application. The PAM_SERVICE item cannot be set.