tail head cat sleep
QR code linking to this page

Manual Pages  — PAM_AUTHENTICATE

NAME

pam_authenticate – perform authentication within the PAM framework

CONTENTS

SYNOPSIS

#include <sys/types.h>
#include <security/pam_appl.h>

int
pam_authenticate(pam_handle_t *pamh, int flags);

DESCRIPTION

The pam_authenticate() function attempts to authenticate the user associated with the pam context specified by the pamh argument.

The application is free to call pam_authenticate() as many times as it wishes, but some modules may maintain an internal retry counter and return PAM_MAXTRIES when it exceeds some preset or hardcoded limit.

The flags argument is the binary or of zero or more of the following values:
PAM_SILENT
  Do not emit any messages.
PAM_DISALLOW_NULL_AUTHTOK
  Fail if the user's authentication token is null.

If any other bits are set, pam_authenticate() will return PAM_BAD_CONSTANT.

RETURN VALUES

The pam_authenticate() function returns one of the following values:
[PAM_SUCCESS]
  Success.
[PAM_ABORT]
  General failure.
[PAM_AUTHINFO_UNAVAIL]
  Authentication information is unavailable.
[PAM_AUTH_ERR]
  Authentication error.
[PAM_BAD_CONSTANT]
  Bad constant.
[PAM_BUF_ERR]
  Memory buffer error.
[PAM_CONV_ERR]
  Conversation failure.
[PAM_CRED_INSUFFICIENT]
  Insufficient credentials.
[PAM_MAXTRIES]
  Maximum number of tries exceeded.
[PAM_PERM_DENIED]
  Permission denied.
[PAM_SERVICE_ERR]
  Error in service module.
[PAM_SYSTEM_ERR]
  System error.
[PAM_USER_UNKNOWN]
  Unknown user.

SEE ALSO

pam(3), pam_strerror(3)

STANDARDS

X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules, June 1997.

AUTHORS

The pam_authenticate() function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.

The OpenPAM library is maintained by Dag-Erling Sm/orgrav <Mt des@des.no>.


PAM_AUTHENTICATE (3) April 30, 2017

tail head cat sleep
QR code linking to this page


Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

Ken Thompson was once asked by a reporter what he would have changed about Unix if he had it all to do over again. His answer: “I would spell creat with an ‘e.'”