Go to main content

man pages section 3: Extended Library Functions, Volume 3

Exit Print View

Updated: Wednesday, July 27, 2022



pam_eval - module control over PAM configuration


cc [ flag ... ] file ... –lpam [ library ... ]
#include <security/pam_appl.h>
#include <security/pam_modules.h

int pam_eval(pam_handle_t *pamh, const char *conf_path);


The pam_eval() function can be called by module service functions to cause PAM to evaluate the PAM configuration for the current service (auth, account, password or session) listed in the file named by conf_path. The conf_path argument must be an absolute path to a PAM configuration file.

The pam_eval() function does not have non-local exits. For example, if a requisite module in the given conf_path returns a status other than PAM_IGNORE or PAM_SUCCESS, pam_eval() still returns to its caller.

The named PAM configuration file has the same format as pam.conf(5) and must include the service name field just as /etc/pam.conf. The pam_eval() function will load the PAM configuration for the current PAM_SERVICE from conf_path or, if PAM_SERVICE is not found, for the “other” service, as usual.

The pam_eval() function may not be called by applications.

Return Values

If the named configuration could not be found or parsed, or if NULL or “” was given, or if a relative path is supplied for the configuration file, then pam_eval() returns PAM_SYSTEM_ERR. If pam_eval() is called by an application, then PAM_PERM_DENIED is returned.

Otherwise pam_eval() returns the same value that would have been returned by the current service function (for example, pam_authenticate(3PAM)) had it used the named PAM configuration. That is, the return value will be either the same as that returned by a service module as per the named configuration or, if all modules return PAM_IGNORE, the default error for the current stack (for example, PAM_AUTH_ERR, for the auth stack).


See attributes(7) for description of the following attributes:

Interface Stability
MT-Safe with exceptions

See Also

libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam.conf(5), attributes(7), pam_user_policy(7)


The interfaces in libpam are MT-Safe only if each thread within the multithreaded application uses its own PAM handle.