Manual Pages  — PAM_AUTHENTICATE

pam_authenticate – perform authentication within the PAM framework

SYNOPSIS DESCRIPTION RETURN VALUES SEE ALSO STANDARDS AUTHORS

#include <sys/types.h>

#include <security/pam_appl.h>

int
pam_authenticate(pam_handle_t *pamh, int flags);

The pam_authenticate() function attempts to authenticate the user associated with the pam context specified by the pamh argument.

The application is free to call pam_authenticate() as many times as it wishes, but some modules may maintain an internal retry counter and return PAM_MAXTRIES when it exceeds some preset or hardcoded limit.

The flags argument is the binary or of zero or more of the following values:

PAM_SILENT
	Do not emit any messages.
PAM_DISALLOW_NULL_AUTHTOK
	Fail if the user's authentication token is null.

If any other bits are set, pam_authenticate() will return PAM_BAD_CONSTANT.

The pam_authenticate() function returns one of the following values:

[PAM_SUCCESS]
	Success.
[PAM_ABORT]
	General failure.
[PAM_AUTHINFO_UNAVAIL]
	Authentication information is unavailable.
[PAM_AUTH_ERR]
	Authentication error.
[PAM_BAD_CONSTANT]
	Bad constant.
[PAM_BUF_ERR]
	Memory buffer error.
[PAM_CONV_ERR]
	Conversation failure.
[PAM_CRED_INSUFFICIENT]
	Insufficient credentials.
[PAM_MAXTRIES]
	Maximum number of tries exceeded.
[PAM_PERM_DENIED]
	Permission denied.
[PAM_SERVICE_ERR]
	Error in service module.
[PAM_SYSTEM_ERR]
	System error.
[PAM_USER_UNKNOWN]
	Unknown user.

X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules, June 1997.

The pam_authenticate() function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.amp; under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.

The OpenPAM library is maintained by Dag-Erling Sm/orgrav <Mt des@des.no>.