NAME
pam_get_authtok
- retrieve authentication token
LIBRARY
SYNOPSIS
int
pam_get_authtok(
pam_handle_t *pamh
, int item
, const char **authtok
, const char *prompt
)
DESCRIPTION
The
pam_get_authtok
function returns the cached authentication token,
or prompts the user if no token is currently cached.
Either way, a pointer to the authentication token is stored in the
location pointed to by the
authtok
argument.
The
item
argument must have one of the following values:
PAM_AUTHTOK
-
Returns the current authentication token, or the new token
when changing authentication tokens.
PAM_OLDAUTHTOK
-
Returns the previous authentication token when changing
authentication tokens.
The
prompt
argument specifies a prompt to use if no token is cached.
If it is
NULL
,
the
PAM_AUTHTOK_PROMPT
or
PAM_OLDAUTHTOK_PROMPT
item,
as appropriate, will be used.
If that item is also
NULL
,
a hardcoded default prompt will be used.
If
item
is set to
PAM_AUTHTOK
and there is a non-null
PAM_OLDAUTHTOK
item,
pam_get_authtok
will ask the user to confirm the new token by
retyping it.
If there is a mismatch,
pam_get_authtok
will return
PAM_TRY_AGAIN
.
RETURN VALUES
The
pam_get_authtok
function returns one of the following values:
- [
PAM_BUF_ERR
] -
Memory buffer error.
- [
PAM_CONV_ERR
] -
Conversation failure.
- [
PAM_SYSTEM_ERR
] -
System error.
- [
PAM_TRY_AGAIN
] -
Try again.
SEE ALSO
pam(3),
pam_get_item(3),
pam_get_user(3),
pam_strerror(3)
STANDARDS
The
pam_get_authtok
function is an OpenPAM extension.
AUTHORS
The
pam_get_authtok
function and this manual page were developed for the
FreeBSD
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc. under
DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''),
as part of the DARPA CHATS research program.