pam_start Subroutine

Purpose

Initiates a new PAM user authentication session.

Library

PAM Library (libpam.a)

Syntax

#include <security/pam_appl.h>

int pam_start (Service, User, Conversation, PAMHandle)
const char *Service;
const char *User;
const struct pam_conv *Conversation;
pam_handle_t **PAMHandle;

Description

The pam_start subroutine begins a new PAM session for authentication within one of the four realms of the PAM environment [authentication, account, session, password]. This routine is called only at the start of the session, not at the start of each module comprising the session. The PAM handle, PAMHandle, returned by this subroutine is subsequently used by other PAM routines. The handle must be cleaned up at the end of use, which can easily be done by passing it as an argument to pam_end.

Parameters

Item	Description
Service	The name of the service initiating this PAM session.
User	The user who is being authenticated.
Conversation	The PAM conversation struct enabling communication with the user. This structure, pam_conv, consists of a pointer to a conversation function, as well as a pointer to application data. `struct pam_conv { int (conv)(); void (appdata_ptr); }` The argument conv is defined as: `int conv( int num_msg, const struct pam_message msg, const struct pam_response resp, void appdata );` The conversation function, conv, allows PAM to send messages to, and get input from, a user. The arguments to the function have the following definition and behavior: num_msg The number of lines of messages to be displayed (all messages are returned in one-line fragments, each no longer than PAM_MAX_MSG_SIZE* characters and with no more lines than PAM_MAX_NUM_MSG) msg Contains the message text and its style. `struct pam_message { int style; /* Message style / char msg; /* The message / }` The message style, can be one of: PAM_PROMPT_ECHO_OFF Prompts users with `message` and does not echo their responses; it is typically for use with requesting passwords and other sensitive information. PAM_PROMPT_ECHO_ON Prompts users with `message` and echoes their responses back to them. PAM_ERROR_MSG Displays `message` as an error message. PAM_TEXT_INFO Displays general information, such as authentication failures. resp Holds the user's response and a response code. `struct pam_response { char resp; / Reference to the response / int resp_retcode; / Not used, should be 0 */ }` appdata, appdata_ptr Pointers to the application data that can be passed by the calling application to the PAM modules. Use these to allow PAM to send data back to the application.
PAMHandle	The PAM handle representing the current user authentication session is returned upon successful completion.

Return Values

Upon successful completion, pam_start returns PAM_SUCCESS, and a reference to the pointer of a valid PAM handle is returned through PAMHandle. If the routine fails, a value different from PAM_SUCCESS is returned, and the PAMHandle reference is NULL.

Error Codes

Item	Description
PAM_SERVICE_ERR	An error occurred in a PAM module.
PAM_SYSTEM_ERR	A system error occurred.
PAM_BUF_ERR	A memory error occurred.