PAM Library Functions pam_chauthtok(3PAM)
NAME
pam_chauthtok - perform password related functions within
the PAM frameworkSYNOPSIS
cc [ flag ... ] file ... -lpam [ library ... ]
#include
int pam_chauthtok(pam_handle_t *pamh, const int flags);
DESCRIPTION
The pam_chauthtok() function is called to change the authen-
tication token associated with a particular user referenced by the authentication handle pamh.The following flag may be passed in to pam_chauthtok():
PAM_SILENT The password service should
not generate any messages.PAM_CHANGE_EXPIRED_AUTHTOK The password service should
only update those passwords that have aged. If this flag is not passed, all password services should update their passwords.PAM_NO_AUTHTOK_CHECK The password service should
not perform conformance checks on the password entered. Upon successful completion of the call, the authentication token of the user will be changed in accordance with the password service configured in the system through pam.conf(4).RETURN VALUES
Upon successful completion, PAM_SUCCESS is returned. In
addition to the error return values described in pam(3PAM), the following values may be returned:PAM_PERM_DENIED No permission.
PAM_AUTHTOK_ERR Authentication token manipula-
tion error.SunOS 5.11 Last change: 1 Mar 2005 1
PAM Library Functions pam_chauthtok(3PAM)
PAM_AUTHTOK_RECOVERY_ERR Authentication information can-
not be recovered.PAM_AUTHTOK_LOCK_BUSY Authentication token lock busy.
PAM_AUTHTOK_DISABLE_AGING Authentication token aging dis-
abled.PAM_USER_UNKNOWN User unknown to password ser-
vice.PAM_TRY_AGAIN Preliminary check by password
service failed.ATTRIBUTES
See attributes(5) for description of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Committed ||_____________________________|_____________________________|
| MT-Level | MT-Safe with exceptions |
|_____________________________|_____________________________|
SEE ALSO
login(1), passwd(1), pam(3PAM), pam_authenticate(3PAM),
pam_start(3PAM), attributes
NOTESThe flag PAM_CHANGE_EXPIRED_AUTHTOK is typically used by a
login application which has determined that the user's pass-
word has aged or expired. Before allowing the user to login,the login application may invoke pam_chauthtok() with this
flag to allow the user to update the password. Typically, applications such as passwd(1) should not use this flag.The pam_chauthtok() functions performs a preliminary check
before attempting to update passwords. This check is per-
formed for each password module in the stack as listed inpam.conf(4). The check may include pinging remote name ser-
vices to determine if they are available. If pam_chauthtok()
SunOS 5.11 Last change: 1 Mar 2005 2
PAM Library Functions pam_chauthtok(3PAM)
returns PAM_TRY_AGAIN, then the check has failed, and pass-
words are not updated.The flag PAM_NO_AUTHTOK_CHECK is typically used by programs
that allow an administrator to bypass various password con-
formance checks when setting a password for a user.The interfaces in libpam are MT-Safe only if each thread
within the multithreaded application uses its own PAM han-
dle.SunOS 5.11 Last change: 1 Mar 2005 3