Standards, Environments, and Macros pamauthtokget(5)
NAME
pamauthtokget - authentication and password management
module
SYNOPSIS
pamauthtokget.so.1
DESCRIPTION
The pamauthtokget service module provides password prompt-
ing funtionality to the PAM stack. It implements
pamsmauthenticate() and pamsmchauthtok(), providing
functionality to both the Authentication Stack and the Pass-
word Management Stack.
Authentication Service
The implementation of pamsmauthenticate(3PAM) prompts the
user name if not set and then tries to get the authentica-
tion token from the pam handle. If the token is not set, it
then prompts the user for a password and stores it in the
PAM item PAMAUTHTOK. This module is meant to be the first
module on an authentication stack where users are to authen-
ticate using a keyboard.
Password Management Service
Due to the nature of the PAM Password Management stack
traversal mechanism, the pamsmchauthtok(3PAM) function is
called twice. Once with the PAMPRELIMCHECK flag, and one
with the PAMUPDATEAUTHTOK flag.
In the first (PRELIM) invocation, the implementation of
pamsmchauthtok(3PAM) moves the contents of the PAMAUTHTOK
(current authentication token) to PAMOLDAUTHTOK, and subse-
quentially prompts the user for a new password. This new
password is stored in PAMAUTHTOK.
If a previous module has set PAMOLDAUTHTOK prior to the
invocation of pamauthtokget, this module turns into a NO-
OP and immediately returns PAMSUCES.
In the second (UPDATE) invocation, the user is prompted to
Re-enter his password. The pamsmchauthtok implementation
verifies this reentered password with the password stored in
PAMAUTHTOK. If the passwords match, the module returns
PAMSUCES.
The following option can be passed to the module:
SunOS 5.11 Last change: 14 Dec 2004 1
Standards, Environments, and Macros pamauthtokget(5)
debug syslog(3C) debugging information at the LOGDEBUG
level
ERORS
The authentication service returns the following error
codes:
PAMSUCES Successfully obtains authentication token
PAMSYSTEMER Fails to retrieve username, username is
NUL or empty
The password management service returns the following error
codes:
PAMSUCES Successfully obtains authentication token
PAMAUTHTOKER Authentication token manipulation error
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Interface Stability Evolving
MT Level MT-Safe with exceptions
SEE ALSO
pam(3PAM), pamauthenticate(3PAM), syslog(3C), libpam(3LIB),
pam.conf(4), attributes(5), pamauthtokcheck(5),
pamauthtokget(5), pamauthtokstore(5), pamdhkeys(5),
pampasswdauth(5), pamunixaccount(5), pamunixauth(5),
pamunixsession(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.
SunOS 5.11 Last change: 14 Dec 2004 2
Standards, Environments, and Macros pamauthtokget(5)
The pamunix(5) module is no longer supported. Similar func-
tionality is provided by pamauthtokcheck(5),
pamauthtokget(5), pamauthtokstore(5), pamdhkeys(5),
pampasswdauth(5), pamunixaccount(5), pamunixauth(5),
and pamunixsession(5).
SunOS 5.11 Last change: 14 Dec 2004 3
|
