NAME

pam_authenticate - perform authentication within the PAM framework

LIBRARY

SYNOPSIS



int pam_authenticate(pam_handle_t *pamh, int flags)

DESCRIPTION

The pam_authenticate function attempts to authenticate the user associated with the pam context specified by the pamh argument.

The application is free to call pam_authenticate as many times as it wishes, but some modules may maintain an internal retry counter and return PAM_MAXTRIES when it exceeds some preset or hardcoded limit.

The flags argument is the binary or of zero or more of the following values:

PAM_SILENT
Do not emit any messages.

PAM_DISALLOW_NULL_AUTHTOK
Fail if the user's authentication token is null.

If any other bits are set, pam_authenticate will return PAM_SYMBOL_ERR.

RETURN VALUES

The pam_authenticate function returns one of the following values:

[PAM_ABORT]
General failure.

[PAM_AUTHINFO_UNAVAIL]
Authentication information is unavailable.

[PAM_AUTH_ERR]
Authentication error.

[PAM_BUF_ERR]
Memory buffer error.

[PAM_CONV_ERR]
Conversation failure.

[PAM_CRED_INSUFFICIENT]
Insufficient credentials.

[PAM_MAXTRIES]
Maximum number of tries exceeded.

[PAM_PERM_DENIED]
Permission denied.

[PAM_SERVICE_ERR]
Error in service module.

[PAM_SYMBOL_ERR]
Invalid symbol.

[PAM_SYSTEM_ERR]
System error.

[PAM_USER_UNKNOWN]
Unknown user.

SEE ALSO

pam(3), pam_strerror(3)

STANDARDS

AUTHORS

The pam_authenticate function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.