PAM Library Functions pamchauthtok(3PAM)
NAME
pamchauthtok - perform password related functions within
the PAM framework
SYNOPSIS
cc [ flag ... ] file ... -lpam [ library ... ]
#include
int pamchauthtok(pamhandlet *pamh, const int flags);
DESCRIPTION
The pamchauthtok() function is called to change the authen-
tication token associated with a particular user referenced
by the authentication handle pamh.
The following flag may be passed in to pamchauthtok():
PAMSILENT The password service should
not generate any messages.
PAMCHANGEXPIREDAUTHTOK The password service should
only update those passwords
that have aged. If this flag
is not passed, all password
services should update their
passwords.
PAMNOAUTHTOKCHECK The password service should
not perform conformance checks
on the password entered.
Upon successful completion of the call, the authentication
token of the user will be changed in accordance with the
password service configured in the system through
pam.conf(4).
RETURN VALUES
Upon successful completion, PAMSUCES is returned. In
addition to the error return values described in pam(3PAM),
the following values may be returned:
PAMPERMDENIED No permission.
PAMAUTHTOKER Authentication token manipula-
tion error.
SunOS 5.11 Last change: 1 Mar 2005 1
PAM Library Functions pamchauthtok(3PAM)
PAMAUTHTOKRECOVERYER Authentication information can-
not be recovered.
PAMAUTHTOKLOCKBUSY Authentication token lock busy.
PAMAUTHTOKDISABLEAGING Authentication token aging dis-
abled.
PAMUSERUNKNOWN User unknown to password ser-
vice.
PAMTRYAGAIN Preliminary check by password
service failed.
ATRIBUTES
See attributes(5) for description of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Interface Stability Stable
MT-Level MT-Safe with exceptions
SEE ALSO
login(1), passwd(1), pam(3PAM), pamauthenticate(3PAM),
pamstart(3PAM), attributes
NOTES
The flag PAMCHANGEXPIREDAUTHTOK is typically used by a
login application which has determined that the user's pass-
word has aged or expired. Before allowing the user to login,
the login application may invoke pamchauthtok() with this
flag to allow the user to update the password. Typically,
applications such as passwd(1) should not use this flag.
The pamchauthtok() functions performs a preliminary check
before attempting to update passwords. This check is per-
formed for each password module in the stack as listed in
pam.conf(4). The check may include pinging remote name ser-
vices to determine if they are available. If pamchauthtok()
SunOS 5.11 Last change: 1 Mar 2005 2
PAM Library Functions pamchauthtok(3PAM)
returns PAMTRYAGAIN, then the check has failed, and pass-
words are not updated.
The flag PAMNOAUTHTOKCHECK is typically used by programs
that allow an administrator to bypass various password con-
formance checks when setting a password for a user.
The interfaces in libpam are MT-Safe only if each thread
within the multithreaded application uses its own PAM han-
dle.
SunOS 5.11 Last change: 1 Mar 2005 3
|
