pam_setcred − establish / delete user credentials

#include <security/pam_appl.h>

int pam_setcred(pam_handle_t *pamh, int flags);


The pam_setcred function is used to establish, maintain and delete the credentials of a user. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with pam_open_session(3)). The credentials should be deleted after the session has been closed (with pam_close_session(3)).

A credential is something that the user possesses. It is some property, such as a Kerberos ticket, or a supplementary group membership that make up the uniqueness of a given user. On a Linux system the user´s UID and GID´s are credentials too. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example, initgroups(2) (or equivalent) should have been performed.

Valid flags, any one of which, may be logically OR´d with PAM_SILENT, are:


Initialize the credentials for the user.


Delete the user´s credentials.


Fully reinitialize the user´s credentials.


Extend the lifetime of the existing credentials.


Memory buffer error.


Failed to set user credentials.


User credentials are expired.


Failed to retrieve user credentials.


Data was successful stored.


A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occured.


User is not known to an authentication module.

(3), pam_open_session(3), pam_close_session(3), pam_strerror(3)

More Linux Commands

list(3) - list routines (Library - Linux man page)..........
list_new initialises the list header list so as to create an empty list. list_addhead adds node to the head of list, returning the node just added. list_addtail

XScreenSaverAllocInfo(3) - X11 Screen Saver extension client
The X Window System provides support for changing the image on a display screen after a user-settable period of inactivity to avoid burning the cathode ray tube

glColor3ui(3gl) - set the current color - Linux manual page
The GL stores both a current single-valued color index and a current four-valued RGBA color. glColor sets a new four-valued RGBA color. glColor has two major va

system-config-printer-applet(1) - print job manager.........
system-config-printer-applet is a print job manager for CUPS. Normally it will display a printer icon in the notification area, greyed out when there are no pri

socket(2) - create an endpoint for communication (Man Page)
socket() creates an endpoint for communication and returns a descriptor. The domain argument specifies a communication domain; this selects the protocol family

XcmsQueryBlue(3) - obtain black, blue, green, red, and white
The XcmsQueryBlack function returns the color specification in the specified target format for zero-intensity red, green, and blue. The XcmsQueryBlue function r

feature(3pm) - Perl pragma to enable new features (ManPage)
It is usually impossible to add new syntax to Perl without breaking some existing programs. This pragma provides a way to minimize that risk. New syntactic cons

memcmp(3) - compare memory areas (Library - Linux man page)
The memcmp() function compares the first n bytes (each interpreted as unsigned char) of the memory areas s1 and s2. RETURN VALUE The memcmp() function returns a

pdfdetach(1) Portable Document Format (PDF) document embedde
Pdfdetach lists or extracts embedded files (attachments) from a Portable Document Format (PDF) file. OPTIONS Some of the following options can be set with confi

ypchsh(1) - change your password in the NIS database........
In the old days, the standard passwd(1), chfn(1) and chsh(1) tools could not be used under Linux to change the users NIS password, shell and GECOS information.

SDL_SemWaitTimeout(3) - Lock a semaphore, but only wait up t
SDL_SemWaitTimeout() is a varient of SDL_SemWait with a maximum timeout value. If the value of the semaphore pointed to by sem is positive (greater than zero) i

pciconfig_read(2) - pci device information handling.........
Most of the interaction with PCI devices is already handled by the kernel PCI layer, and thus these calls should not normally need to be accessed from user spac

We can't live, work or learn in freedom unless the software we use is free.