#include <security/pam_ext.h>
int
pam_get_authtok( |
pam_handle_t *pamh, |
int item, | |
const char **authtok, | |
const char *prompt) ; |
int
pam_get_authtok_noverify( |
pam_handle_t *pamh, |
const char **authtok, | |
const char *prompt) ; |
int
pam_get_authtok_verify( |
pam_handle_t *pamh, |
const char **authtok, | |
const char *prompt) ; |
The pam_get_authtok
function
returns the cached authentication token, or prompts the user
if no token is currently cached. It is intended for internal
use by Linux-PAM and PAM service modules. Upon successful
return, authtok
contains a pointer to the value of the authentication token.
Note, this is a pointer to the actual data and should
not be free()'ed or over-written!
The prompt argument
specifies a prompt to use if no token is cached. If a NULL
pointer is given, pam_get_authtok
uses pre-defined
prompts.
The following values are supported for item:
Returns the current authentication token. Called
from pam_sm_chauthtok(3)
pam_get_authtok
will ask
the user to confirm the new token by retyping it. If a
prompt was specified, "Retype" will be used as
prefix.
Returns the previous authentication token when changing authentication tokens.
The pam_get_authtok_noverify
function can only be used for changing the password (from
pam_sm_chauthtok(3)). It
returns the cached authentication token, or prompts the user
if no token is currently cached. The difference to
pam_get_authtok
is, that this
function does not ask a second time for the password to
verify it. Upon successful return, authtok contains a pointer to the
value of the authentication token. Note, this is a pointer to
the actual data and
should not be
free()'ed or
over-written!
The pam_get_authtok_verify
function can only be used to verify a password for mistypes
gotten by pam_get_authtok_noverify(3).
This function asks a second time for the password and verify
it with the password provided by authtok argument. In case of an
error, the value of authtok is undefined. Else this
argument will point to the actual data and should
not be free()'ed or over-written!
pam_get_authtok
honours the
following module options:
try_first_pass
Before prompting the user for their password, the module first tries the previous stacked module's password in case that satisfies this module as well.
use_first_pass
The argument use_first_pass
forces the module to use
a previous stacked modules password and will never
prompt the user - if no password is available or the
password is not appropriate, the user will be denied
access.
use_authtok
When password changing enforce the module to set the
new token to the one provided by a previously stacked
password
module. If no
token is available token changing will fail.
authtok_type=XXX
The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty.
Authentication token could not be retrieved.
New authentication could not be retrieved.
Authentication token was successfully retrieved.
No space for an authentication token was provided.
New authentication tokens mismatch.
The pam_get_authtok
function
is a Linux-PAM extensions.
See Linux-PAM copyright notice for more information.
|