1
<?xml version="1.0" encoding="UTF-8"?>
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
3
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
5
<refentry id="pam_get_authtok">
8
<refentrytitle>pam_get_authtok</refentrytitle>
9
<manvolnum>3</manvolnum>
10
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
13
<refnamediv id="pam_get_authtok-name">
14
<refname>pam_get_authtok</refname>
15
<refpurpose>get authentication token</refpurpose>
18
<!-- body begins here -->
20
<refsynopsisdiv id="pam_get_authtok-synopsis">
22
<funcsynopsisinfo>#include <security/pam_ext.h></funcsynopsisinfo>
24
<funcdef>int <function>pam_get_authtok</function></funcdef>
25
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
26
<paramdef>int <parameter>item</parameter></paramdef>
27
<paramdef>const char **<parameter>authtok</parameter></paramdef>
28
<paramdef>const char *<parameter>prompt</parameter></paramdef>
33
<refsect1 id='pam_get_authtok-description'>
34
<title>DESCRIPTION</title>
36
The <function>pam_get_authtok</function> function returns the
37
cached authentication token, or prompts the user if no token is
38
currently cached. It is intended for internal use by Linux-PAM and
39
PAM service modules. Upon successful return,
40
<emphasis>authtok</emphasis> contains a pointer to the value of the
41
authentication token. Note, this is a pointer to the
42
<emphasis>actual</emphasis> data and should
43
<emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'ed or
47
The <emphasis>prompt</emphasis> argument specifies a prompt to use
48
if no token is cached. If a NULL pointer
49
is given, <function>pam_get_authtok</function> uses pre-defined prompts.
52
The following values are supported for <emphasis>item</emphasis>:
56
<term>PAM_AUTHTOK</term>
59
Returns the current authentication token. Called from
60
<citerefentry><refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
61
</citerefentry> <function>pam_get_authtok</function> will
62
ask the user to confirm the new token by retyping it. If
63
a prompt was specified, "Retype" will be used as prefix.
68
<term>PAM_OLDAUTHTOK</term>
71
Returns the previous authentication token when changing
72
authentication tokens.
79
<refsect1 id="pam_get_authtok-options">
80
<title>OPTIONS</title>
82
<function>pam_get_authtok</function> honours the following module
88
<option>try_first_pass</option>
92
Before prompting the user for their password, the module first
93
tries the previous stacked module's password in case that
94
satisfies this module as well.
100
<option>use_first_pass</option>
104
The argument <option>use_first_pass</option> forces the module
105
to use a previous stacked modules password and will never prompt
106
the user - if no password is available or the password is not
107
appropriate, the user will be denied access.
113
<option>use_authtok</option>
117
When password changing enforce the module to set the new
118
token to the one provided by a previously stacked
119
<option>password</option> module. If no token is available
120
token changing will fail.
126
<option>authtok_type=<replaceable>XXX</replaceable></option>
130
The default action is for the module to use the
131
following prompts when requesting passwords:
132
"New UNIX password: " and "Retype UNIX password: ".
133
The example word <emphasis>UNIX</emphasis> can
134
be replaced with this option, by default it is empty.
142
<refsect1 id="pam_get_authtok-return_values">
143
<title>RETURN VALUES</title>
146
<term>PAM_AUTH_ERR</term>
149
Authentication token could not be retrieved.
154
<term>PAM_AUTHTOK_ERR</term>
157
New authentication could not be retrieved.
162
<term>PAM_SUCCESS</term>
165
Authentication token was successful retrieved.
170
<term>PAM_SYSTEM_ERR</term>
173
No space for an authentication token was provided.
178
<term>PAM_TRY_AGAIN</term>
181
New authentication tokens mismatch.
188
<refsect1 id='pam_get_authtok-see_also'>
189
<title>SEE ALSO</title>
192
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
197
<refsect1 id='pam_get_authtok-standards'>
198
<title>STANDARDS</title>
200
The <function>pam_get_authtok</function> function is a Linux-PAM