PAM_GET_AUTHTOK(3) | Library Functions Manual | PAM_GET_AUTHTOK(3) |
pam_get_authtok
—
#include <sys/types.h>
#include <security/pam_appl.h>

int
pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok, const char *prompt);

The pam_get_authtok() function either prompts the user for an
authentication token or retrieves a cached authentication token, depending
on circumstances. Either way, a pointer to the authentication token is
stored in the location pointed to by the authtok argument, and the
corresponding PAM item is updated.
The item argument must have one of the following values:
PAM_AUTHTOK
PAM_OLDAUTHTOK

The prompt argument specifies a prompt to use if no token is cached. If it
is NULL, the PAM_AUTHTOK_PROMPT or PAM_OLDAUTHTOK_PROMPT item, as
appropriate, will be used. If that item is also NULL, a hardcoded default
prompt will be used. Additionally, when pam_get_authtok() is called from a
service module, the prompt may be affected by module options as described
below. The prompt is then expanded using openpam_subst(3) before it is
passed to the conversation function.

If item is set to PAM_AUTHTOK and there is a non-null PAM_OLDAUTHTOK item,
pam_get_authtok() will ask the user to confirm the new token by retyping
it. If there is a mismatch, pam_get_authtok() will return PAM_TRY_AGAIN.
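
The prompt-selection order and the retype check described above, together with the authtok_prompt / oldauthtok_prompt override listed under the module options, modelled as an added, self-contained example. This is not OpenPAM's code: the enum names, the struct, the scripted conversation, the "Retype:" prompt and the default prompt strings are assumptions made for the sketch.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for this sketch; real code uses <security/pam_appl.h>. */
enum item { AUTHTOK, OLDAUTHTOK };
enum result { TOK_OK, TOK_TRY_AGAIN, TOK_CONV_ERR };

struct state {
    const char *opt_prompt[2];   /* authtok_prompt / oldauthtok_prompt options */
    const char *item_prompt[2];  /* PAM_AUTHTOK_PROMPT / PAM_OLDAUTHTOK_PROMPT */
    const char *oldauthtok;      /* PAM_OLDAUTHTOK item, NULL when unset */
};

/* Scripted conversation (constructed): replies in order, first prompt kept. */
static const char *replies[2];
static const char *first_prompt;
static int asked;
static const char *ask(const char *prompt)
{
    if (asked == 0) first_prompt = prompt;
    return asked < 2 ? replies[asked++] : NULL;  /* NULL = conversation failed */
}
void script(const char *a, const char *b)
{
    replies[0] = a; replies[1] = b; asked = 0; first_prompt = NULL;
}

/* Page order: module option, prompt argument, *_PROMPT item, default. */
const char *pick_prompt(const struct state *s, enum item it, const char *arg)
{
    static const char *const fallback[2] = { "Password:", "Old Password:" };
    if (s->opt_prompt[it] != NULL) return s->opt_prompt[it];
    if (arg != NULL) return arg;
    if (s->item_prompt[it] != NULL) return s->item_prompt[it];
    return fallback[it];  /* constructed strings, not OpenPAM's defaults */
}

enum result get_token(const struct state *s, enum item it,
                      const char **tok, const char *arg)
{
    const char *first = ask(pick_prompt(s, it, arg)), *again;
    if (first == NULL) return TOK_CONV_ERR;
    if (it == AUTHTOK && s->oldauthtok != NULL) {  /* new token: confirm it */
        if ((again = ask("Retype:")) == NULL) return TOK_CONV_ERR;
        if (strcmp(first, again) != 0) return TOK_TRY_AGAIN;
    }
    *tok = first;
    return TOK_OK;
}
```

Because the module option is consulted first, the prompt a user sees is decided by the PAM policy file, not by the string a module passes in the prompt argument.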

pam_get_authtok() will recognize the following module options:

authtok_prompt
    PAM_AUTHTOK. This option overrides both the prompt argument and the
    PAM_AUTHTOK_PROMPT item.
echo_pass
oldauthtok_prompt
    PAM_OLDAUTHTOK. This option overrides both the prompt argument and the
    PAM_OLDAUTHTOK_PROMPT item.
try_first_pass
    pam_get_authtok() a second time.
use_first_pass
    PAM_AUTH_ERR if there is none.

The pam_get_authtok() function returns one of the following values:
[PAM_SUCCESS]
[PAM_BAD_CONSTANT]
[PAM_BAD_ITEM]
[PAM_BUF_ERR]
[PAM_CONV_ERR]
[PAM_SYSTEM_ERR]
[PAM_TRY_AGAIN]

The pam_get_authtok() function is an OpenPAM extension.

The pam_get_authtok() function and this manual page were developed for the
FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc. under DARPA/SPAWAR
contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research
program.
The OpenPAM library is maintained by Dag-Erling Smørgrav <des@des.no>.
April 30, 2017 | NetBSD 9.2 |