| Main index | Section 3 | Options |
#include <sys/types.h>
#include <security/pam_appl.h>
The item argument must have one of the following values:
| PAM_AUTHTOK | |
| Returns the current authentication token, or the new token when changing authentication tokens. | |
| PAM_OLDAUTHTOK | |
| Returns the previous authentication token when changing authentication tokens. | |
The prompt argument specifies a prompt to use if no token is cached. If it is NULL, the PAM_AUTHTOK_PROMPT or PAM_OLDAUTHTOK_PROMPT item, as appropriate, will be used. If that item is also NULL, a hardcoded default prompt will be used. Additionally, when pam_get_authtok() is called from a service module, the prompt may be affected by module options as described below. The prompt is then expanded using openpam_subst(3) before it is passed to the conversation function.
If item is set to PAM_AUTHTOK and there is a non-null PAM_OLDAUTHTOK item, pam_get_authtok() will ask the user to confirm the new token by retyping it. If there is a mismatch, pam_get_authtok() will return PAM_TRY_AGAIN.
| authtok_prompt | |
| Prompt to use when item is set to PAM_AUTHTOK. This option overrides both the prompt argument and the PAM_AUTHTOK_PROMPT item. | |
| echo_pass | |
| If the application's conversation function allows it, this lets the user see what they are typing. This should only be used for non-reusable authentication tokens. | |
| oldauthtok_prompt | |
| Prompt to use when item is set to PAM_OLDAUTHTOK. This option overrides both the prompt argument and the PAM_OLDAUTHTOK_PROMPT item. | |
| try_first_pass | |
| If the requested item is non-null, return it without prompting the user. Typically, the service module will verify the token, and if it does not match, clear the item before calling pam_get_authtok() a second time. | |
| use_first_pass | |
| Do not prompt the user at all; just return the cached value, or PAM_AUTH_ERR if there is none. | |
| [PAM_SUCCESS] | |
| Success. | |
| [PAM_BAD_CONSTANT] | |
| Bad constant. | |
| [PAM_BAD_ITEM] | |
| Unrecognized or restricted item. | |
| [PAM_BUF_ERR] | |
| Memory buffer error. | |
| [PAM_CONV_ERR] | |
| Conversation failure. | |
| [PAM_SYSTEM_ERR] | |
| System error. | |
| [PAM_TRY_AGAIN] | |
| Try again. | |
The OpenPAM library is maintained by Dag-Erling Sm/orgrav <Mt des@des.no>.
| PAM_GET_AUTHTOK (3) | April 30, 2017 |
| Main index | Section 3 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
| “ | "I liken starting one's computing career with Unix, say as an undergraduate, to being born in East Africa. It is intolerably hot, your body is covered with lice and flies, you are malnourished and you suffer from numerous curable diseases. But, as far as young East Africans can tell, this is simply the natural condition and they live within it. By the time they find out differently, it is too late. They already think that the writing of shell scripts is a natural act." | ” |
| — Ken Pier, Xerox PARC | ||