pam_authenticateperform authentication within the PAM framework

Pluggable Authentication Module Library (libpam, -lpam)

#include <sys/types.h>
#include <security/pam_appl.h>

pam_authenticate(pam_handle_t *pamh, int flags);

The pam_authenticate function attempts to authenticate the user associated with the pam context specified by the pamh argument.

The application is free to call pam_authenticate as many times as it wishes, but some modules may maintain an internal retry counter and return PAM_MAXTRIES when it exceeds some preset or hardcoded limit.

The flags argument is the binary or of zero or more of the following values:

Do not emit any messages.
Fail if the user's authentication token is null.

If any other bits are set, pam_authenticate will return PAM_SYMBOL_ERR.

The pam_authenticate function returns one of the following values:

General failure.
Authentication information is unavailable.
Authentication error.
Memory buffer error.
Conversation failure.
Insufficient credentials.
Maximum number of tries exceeded.
Permission denied.
Error in service module.
Invalid symbol.
System error.
Unknown user.

pam(3), pam_strerror(3)

X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules, June 1997.

The pam_authenticate function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.

December 21, 2007 macOS 14.4