NAME
pam_get_authtok —
retrieve authentication
token
LIBRARY
Pluggable Authentication Module Library (libpam, -lpam)
SYNOPSIS
#include
<sys/types.h>
#include
<security/pam_appl.h>
int
pam_get_authtok(pam_handle_t
*pamh, int item,
const char **authtok,
const char *prompt);
DESCRIPTION
The pam_get_authtok function returns the
cached authentication token, or prompts the user if no token is currently
cached. Either way, a pointer to the authentication token is stored in the
location pointed to by the authtok argument.
The item argument must have one of the following values:
PAM_AUTHTOK- Returns the current authentication token, or the new token when changing authentication tokens.
PAM_OLDAUTHTOK- Returns the previous authentication token when changing authentication tokens.
The prompt argument specifies a prompt to
use if no token is cached. If it is NULL, the
PAM_AUTHTOK_PROMPT or
PAM_OLDAUTHTOK_PROMPT item, as appropriate, will be
used. If that item is also NULL, a hardcoded default
prompt will be used.
If item is set to
PAM_AUTHTOK and there is a non-null
PAM_OLDAUTHTOK item,
pam_get_authtok will ask the user to confirm the new
token by retyping it. If there is a mismatch,
pam_get_authtok will return
PAM_TRY_AGAIN.
RETURN VALUES
The pam_get_authtok function returns one
of the following values:
- [
PAM_BUF_ERR] - Memory buffer error.
- [
PAM_CONV_ERR] - Conversation failure.
- [
PAM_SYSTEM_ERR] - System error.
- [
PAM_TRY_AGAIN] - Try again.
SEE ALSO
STANDARDS
The pam_get_authtok function is an OpenPAM
extension.
AUTHORS
The pam_get_authtok function and this
manual page were developed for the FreeBSD Project
by ThinkSec AS and Network Associates Laboratories, the Security Research
Division of Network Associates, Inc. under DARPA/SPAWAR contract
N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS
research program.