Mercurial > crates > nonstick

view libpam-sys/README.md @ 141:a508a69c068a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Remove a lot of Results from functions. Many functions are documented to only return failing Results when given improper inputs or when there is a memory allocation failure (which can be verified by looking at the source). In cases where we know our input is correct, we don't need to check for memory allocation errors for the same reason that Rust doesn't do so when you, e.g., create a new Vec.
author Paul Fisher <paul@pfish.zone>
date Sat, 05 Jul 2025 17:16:56 -0400
parents efbc235f01d3
children 4b3a5095f68c
line wrap: on
line source

# `libpam-sys`: low-level bindings to Pluggable Authentication Modules

This crate provides low-level access to PAM, working with multiple PAM implementations.
You do not need PAM system headers installed to use this!

If you're looking for a nice, safe, Rusty API to PAM, may I recommend [nonstick][nonstick]?

## PAM implementations

This crate detects the PAM implementation you have installed, or guesses based on the OS if that's unavailable.
Supported PAM implementations are defined in the `pam_impl::PamImpl` enum.

You can also explicitly specify the PAM implementation you want (if not detected correctly) by setting the `LIBPAMSYS_IMPL` environment variable **at build time**.
All build-time configuration is performed by the build script of the [`libpam-sys-helpers` crate](https://crates.io/crates/libpam-sys-helpers).

Each implementation exports all the functionality available in its respective PAM library.
`XSso` exports only what is in the [X/SSO specification][xsso].

## Testing

Tests are mostly run through `libpam-sys-test`, which lives in the crate's workspace in its repository (along with [nonstick]).

- [`ctest`][ctest] verifies the correctness of the FFI bindings (function/struct alignment, etc.).
- A kind of scuffed homebrew thing also verifies that the constants are correct.

Testing is mainly accomplished through the `libpam-sys-test` package in this crate's workspace.
There are some unit tests of glue code and other type checks.

## Minimum Rust version

This crate supports **Rust 1.75**, the current version in Debian Trixie and Ubuntu 24.04.2 LTS.
There shouldn't be much that needs changing, since PAM's API is quite stable.

## References

- [X/SSO PAM specification][xsso]: This 1997 document laid out the original specification for PAM.
- [Linux-PAM repository][linux-pam]: The Linux-PAM implementation, used by most (all?) Linux distributions. Contains many extensions.
  - [Linux-PAM man page][man7]: Root man page for Linux-PAM, with links to additional PAM man pages.
  - [Linux-PAM guides][linux-guides]: Documentation for developers using PAM and sysadmins.
- [OpenPAM repository][openpam]: The OpenPAM implementation, used by many BSD varieties. This hews very close to the spec.
  - [OpenPAM man page][manbsd]: NetBSD's root man page for OpenPAM.
- [Illumos PAM repository][illumos-pam]: Illumos's implementation of PAM, based on Sun's Solaris. Even more basic than OpenPAM.
  - [Illumos PAM man page][manillumos]: Illumos's root man page for its PAM implementation.

[ctest]: https://github.com/rust-lang/libc/tree/ctest-v0.4.11/ctest
[nonstick]: https://crates.io/crates/nonstick
[xsso]: https://pubs.opengroup.org/onlinepubs/8329799/toc.htm
[linux-pam]: https://github.com/linux-pam/linux-pam
[man7]: https://www.man7.org/linux/man-pages/man8/pam.8.html
[linux-guides]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/
[openpam]: https://git.des.dev/OpenPAM/OpenPAM
[manbsd]: https://man.netbsd.org/pam.8
[illumos-pam]: https://code.illumos.org/plugins/gitiles/illumos-gate/+/refs/heads/master/usr/src/lib/libpam/
[manillumos]: https://illumos.org/man/3PAM/pam