pam_open_session

a b c d e f g h i j k l m n o p q r s t u v w x y z _
PAM_OPEN_SESSION(3)	   App. Programmers’ Manual	  PAM_OPEN_SESSION(3)



NAME
       pam_open/close_session - PAM session management


SYNOPSIS
       #include <security/pam_appl.h>

       int pam_open_session(pam_handle_t *pamh, int  flags);

       int pam_close_session(pam_handle_t *pamh, int  flags);



DESCRIPTION
       PAM  provides  management-hooks for the initialization and termination
       of a session.


       pam_open_session
	      Use this function to signal that an authenticated user  session
	      has  begun. It should be called only after the user is properly
	      identified and (where necessary) has been granted their creden-
	      tials with pam_authenticate(3) and pam_setcred(3) respectively.

	      Some types of functions associated with session  initialization
	      are  logging  for	 the  purposes	of  system-audit and mounting
	      directories (the user’s  home  directory	for  example).	These
	      should not concern the application. It should be noted that the
	      effective uid, geteuid(2), of the application should be of suf-
	      ficient privilege to perform such tasks.


       pam_close_session
	      Use this function to signal that a user session has terminated.
	      In general this function may not need to be located in the same
	      application as the initialization function, pam_open_session.

	      Typically, this function will undo the actions of pam_open_ses-
	      sion.  That is, log audit information concerning the end of the
	      user  session  or unmount the user’s home directory. Apart from
	      having sufficient privilege the details of the session termina-
	      tion  should  not	 concern  the calling application. It is good
	      programming practice, however, to cease acting on behalf of the
	      user on returning from this call.


RETURN VALUE
       A  successful  return  from  the	 session management functions will be
       indicated with PAM_SUCCESS.

       The specific error indicating a failure to open or close a session  is
       PAM_SESSION_ERR.	 In general other return values may be returned. They
       should be treated as indicating failure.


ERRORS
       May be translated to text with pam_strerror(3).


CONFORMING TO
       OSF-RFC 86.0, October 1995.


BUGS
       none known.


SEE ALSO
       pam_start(3),  pam_authenticate(3),  pam_setcred(3),  pam_get_item(3),
       pam_strerror(3) and pam(3).

       Also,  see the three Linux-PAM Guides, for System administrators, mod-
       ule developers, and application developers.



Linux-PAM 0.55			  1997 Jan 4		  PAM_OPEN_SESSION(3)