Standards, Environments, and Macros pam_authtok_get(5)
NAME
pam_authtok_get - authentication and password management module
SYNOPSIS
pam_authtok_get.so.1
DESCRIPTION
The pam_authtok_get service module provides password prompting
functionality to the PAM stack. It implements
pam_sm_authenticate() and pam_sm_chauthtok(), providing
functionality to both the Authentication Stack and the
Password Management Stack.

Authentication Service

The implementation of pam_sm_authenticate(3PAM) prompts for the
user name if it is not set and then tries to get the
authentication token from the PAM handle. If the token is not
set, it then prompts the user for a password and stores it in the
PAM item PAM_AUTHTOK. This module is meant to be the first
module on an authentication stack where users are to
authenticate using a keyboard.

Password Management Service

Due to the nature of the PAM Password Management stack
traversal mechanism, the pam_sm_chauthtok(3PAM) function is
called twice: once with the PAM_PRELIM_CHECK flag, and once
with the PAM_UPDATE_AUTHTOK flag.

In the first (PRELIM) invocation, the implementation of
pam_sm_chauthtok(3PAM) moves the contents of the PAM_AUTHTOK
(current authentication token) to PAM_OLDAUTHTOK, and
subsequently prompts the user for a new password. This new
password is stored in PAM_AUTHTOK.

If a previous module has set PAM_OLDAUTHTOK prior to the
invocation of pam_authtok_get, this module turns into a NO-OP
and immediately returns PAM_SUCCESS.

In the second (UPDATE) invocation, the user is prompted to
re-enter his password. The pam_sm_chauthtok implementation
verifies this re-entered password against the password stored in
PAM_AUTHTOK. If the passwords match, the module returns
PAM_SUCCESS.
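
Added example, not part of the original manual page or the module's source: a small C model of the two-pass password management flow described above, including the NO-OP case. The struct model_handle, the M_* constants, and the functions model_chauthtok and model_change are hypothetical names; the keyboard input is constructed and scripted, and returning an error when the re-entered password does not match is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the libpam constants named on the page (values are this model's). */
enum { M_SUCCESS, M_AUTHTOK_ERR };
enum { M_PRELIM_CHECK = 1, M_UPDATE_AUTHTOK = 2 };

/* Hypothetical stand-in for a PAM handle: the two items plus scripted keyboard input. */
struct model_handle {
    const char *authtok;     /* PAM_AUTHTOK */
    const char *oldauthtok;  /* PAM_OLDAUTHTOK */
    const char **typed;      /* constructed input, NULL-terminated, consumed in order */
};

static const char *prompt(struct model_handle *h) {
    return *h->typed ? *h->typed++ : NULL;
}

/* One pass of the password management service as the page describes it. */
int model_chauthtok(struct model_handle *h, int flags) {
    const char *pw;
    if (flags & M_PRELIM_CHECK) {
        if (h->oldauthtok != NULL)        /* set by an earlier module: NO-OP */
            return M_SUCCESS;
        h->oldauthtok = h->authtok;       /* current token becomes the old one */
        if ((pw = prompt(h)) == NULL)     /* ask for the new password */
            return M_AUTHTOK_ERR;
        h->authtok = pw;                  /* new password now in PAM_AUTHTOK */
        return M_SUCCESS;
    }
    pw = prompt(h);                       /* UPDATE pass: ask to re-enter it */
    if (pw == NULL || h->authtok == NULL || strcmp(pw, h->authtok) != 0)
        return M_AUTHTOK_ERR;             /* assumed result on mismatch */
    return M_SUCCESS;
}

/* The stack traversal: the PRELIM pass, then the UPDATE pass if PRELIM succeeded. */
int model_change(struct model_handle *h) {
    int rc = model_chauthtok(h, M_PRELIM_CHECK);
    return rc != M_SUCCESS ? rc : model_chauthtok(h, M_UPDATE_AUTHTOK);
}

int main(void) {
    const char *ok[] = { "N3w-pass", "N3w-pass", NULL };
    const char *typo[] = { "N3w-pass", "N3w-pas", NULL };
    struct model_handle a = { "0ld-pass", NULL, ok }, b = { "0ld-pass", NULL, typo };
    printf("match=%d mismatch=%d\n", model_change(&a), model_change(&b));
    printf("old=%s new=%s\n", a.oldauthtok, a.authtok);
    return 0;
}
```
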
The following option can be passed to the module:

debug    syslog(3C) debugging information at the LOG_DEBUG level

ERRORS
The authentication service returns the following error codes:

PAM_SUCCESS       Successfully obtains authentication token
PAM_SYSTEM_ERR    Fails to retrieve username, username is NULL or empty

The password management service returns the following error codes:

PAM_SUCCESS       Successfully obtains authentication token
PAM_AUTHTOK_ERR   Authentication token manipulation error
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
 ____________________________________________________________
| ATTRIBUTE TYPE              | ATTRIBUTE VALUE             |
|_____________________________|_____________________________|
| Interface Stability         | Committed                   |
|_____________________________|_____________________________|
| MT Level                    | MT-Safe with exceptions     |
|_____________________________|_____________________________|
SEE ALSO
pam(3PAM), pam_authenticate(3PAM), syslog(3C), libpam(3LIB),
pam.conf(4), attributes(5), pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5),
pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.

The pam_unix(5) module is no longer supported. Similar
functionality is provided by pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5),
and pam_unix_session(5).

SunOS 5.11 Last change: 14 Dec 2004