Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
PAM_GET_AUTHTOK(3)     FreeBSD Library Functions Manual     PAM_GET_AUTHTOK(3)

NAME
     pam_get_authtok - retrieve authentication token

LIBRARY
     Pluggable Authentication Module Library (libpam, -lpam)

SYNOPSIS
     #include <sys/types.h>
     #include <security/pam_appl.h>

     int
     pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok,
         const char *prompt);

DESCRIPTION
     The pam_get_authtok() function returns the cached authentication token,
     or prompts the user if no token is currently cached.  Either way, a
     pointer to the authentication token is stored in the location pointed to
     by the authtok argument.

     The item argument must have one of the following values:

     PAM_AUTHTOK         Returns the current authentication token, or the new
                         token when changing authentication tokens.

     PAM_OLDAUTHTOK      Returns the previous authentication token when
                         changing authentication tokens.

     The prompt argument specifies a prompt to use if no token is cached.  If
     it is NULL, the PAM_AUTHTOK_PROMPT or PAM_OLDAUTHTOK_PROMPT item, as
     appropriate, will be used.  If that item is also NULL, a hardcoded
     default prompt will be used.  Either way, the prompt is expanded using
     openpam_subst(3) before it is passed to the conversation function.

     If pam_get_authtok() is called from a module and the authtok_prompt /
     oldauthtok_prompt option is set in the policy file, the value of that
     option takes precedence over both the prompt argument and the
     PAM_AUTHTOK_PROMPT / PAM_OLDAUTHTOK_PROMPT item.

     If item is set to PAM_AUTHTOK and there is a non-null PAM_OLDAUTHTOK
     item, pam_get_authtok() will ask the user to confirm the new token by
     retyping it.  If there is a mismatch, pam_get_authtok() will return
     PAM_TRY_AGAIN.

RETURN VALUES
     The pam_get_authtok() function returns one of the following values:

     [PAM_BUF_ERR]       Memory buffer error.

     [PAM_CONV_ERR]      Conversation failure.

     [PAM_SYSTEM_ERR]    System error.

     [PAM_TRY_AGAIN]     Try again.

SEE ALSO
     openpam_subst(3), pam(3), pam_get_item(3), pam_get_user(3),
     pam_strerror(3)

STANDARDS
     The pam_get_authtok() function is an OpenPAM extension.

AUTHORS
     The pam_get_authtok() function and this manual page were developed for
     the FreeBSD Project by ThinkSec AS and Network Associates Laboratories,
     the Security Research Division of Network Associates, Inc. under
     DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA
     CHATS research program.

FreeBSD 11.0-PRERELEASE          May 26, 2012          FreeBSD 11.0-PRERELEASE

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUES | SEE ALSO | STANDARDS | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_get_authtok&sektion=3&manpath=FreeBSD+9.2-RELEASE>

home | help