NAME

pam_get_authtok — retrieve authentication token

LIBRARY

Pluggable Authentication Module Library (libpam, -lpam)

SYNOPSIS

#include <sys/types.h>
#include <security/pam_appl.h>

int
pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok, const char *prompt);

DESCRIPTION

The pam_get_authtok function returns the cached authentication token, or prompts the user if no token is currently cached. Either way, a pointer to the authentication token is stored in the location pointed to by the authtok argument.

The item argument must have one of the following values:

PAM_AUTHTOK

Returns the current authentication token, or the new token when changing authentication tokens.

PAM_OLDAUTHTOK

Returns the previous authentication token when changing authentication tokens.

The prompt argument specifies a prompt to use if no token is cached. If it is NULL, the PAM_AUTHTOK_PROMPT or PAM_OLDAUTHTOK_PROMPT item, as appropriate, will be used. If that item is also NULL, a hardcoded default prompt will be used.

If item is set to PAM_AUTHTOK and there is a non-null PAM_OLDAUTHTOK item, pam_get_authtok will ask the user to confirm the new token by retyping it. If there is a mismatch, pam_get_authtok will return PAM_TRY_AGAIN.

RETURN VALUES

The pam_get_authtok function returns one of the following values:

[PAM_BUF_ERR]

Memory buffer error.

[PAM_CONV_ERR]

Conversation failure.

[PAM_SYSTEM_ERR]

System error.

[PAM_TRY_AGAIN]

Try again.

SEE ALSO

pam(3), pam_get_item(3), pam_get_user(3), pam_strerror(3)

STANDARDS

The pam_get_authtok function is an OpenPAM extension.

AUTHORS

The pam_get_authtok function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.