NAME
pam_authenticate
- perform authentication within the PAM framework
LIBRARY
SYNOPSIS
int
pam_authenticate(
pam_handle_t *pamh
, int flags
)
DESCRIPTION
The
pam_authenticate
function attempts to authenticate the user
associated with the pam context specified by the
pamh
argument.
The application is free to call
pam_authenticate
as many times as it
wishes, but some modules may maintain an internal retry counter and
return
PAM_MAXTRIES
when it exceeds some preset or hardcoded limit.
The
flags
argument is the binary or of zero or more of the following
values:
PAM_SILENT
-
Do not emit any messages.
PAM_DISALLOW_NULL_AUTHTOK
-
Fail if the user's authentication token is null.
If any other bits are set,
pam_authenticate
will return
PAM_SYMBOL_ERR
.
RETURN VALUES
The
pam_authenticate
function returns one of the following values:
- [
PAM_ABORT
] -
General failure.
- [
PAM_AUTHINFO_UNAVAIL
] -
Authentication information is unavailable.
- [
PAM_AUTH_ERR
] -
Authentication error.
- [
PAM_BUF_ERR
] -
Memory buffer error.
- [
PAM_CONV_ERR
] -
Conversation failure.
- [
PAM_CRED_INSUFFICIENT
] -
Insufficient credentials.
- [
PAM_MAXTRIES
] -
Maximum number of tries exceeded.
- [
PAM_PERM_DENIED
] -
Permission denied.
- [
PAM_SERVICE_ERR
] -
Error in service module.
- [
PAM_SYMBOL_ERR
] -
Invalid symbol.
- [
PAM_SYSTEM_ERR
] -
System error.
- [
PAM_USER_UNKNOWN
] -
Unknown user.
SEE ALSO
pam(3),
pam_strerror(3)
STANDARDS
AUTHORS
The
pam_authenticate
function and this manual page were developed for the
FreeBSD
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc. under
DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''),
as part of the DARPA CHATS research program.