Movatterモバイル変換

pam_get_authtok(3) — Linux manual page

PAM_GET_AUTHTOK(3)           Linux-PAM ManualPAM_GET_AUTHTOK(3)

NAME        top

       pam_get_authtok, pam_get_authtok_verify, pam_get_authtok_noverify       - get authentication token

SYNOPSIS        top

#include <security/pam_ext.h>int pam_get_authtok(pam_handle_t *pamh, intitem,const char **authtok, const char *prompt);int pam_get_authtok_noverify(pam_handle_t *pamh,const char **authtok,const char *prompt);int pam_get_authtok_verify(pam_handle_t *pamh,const char **authtok,const char *prompt);

DESCRIPTION        top

       Thepam_get_authtokfunction returns the cached authentication       token, or prompts the user if no token is currently cached. It is       intended for internal use by Linux-PAM and PAM service modules.       Upon successful return,authtok contains a pointer to the value of       the authentication token. Note, this is a pointer to theactual       data and shouldnotbefree()'ed or over-written!       Theprompt argument specifies a prompt to use if no token is       cached. If a NULL pointer is given,pam_get_authtokuses       pre-defined prompts.       The following values are supported foritem:       PAM_AUTHTOK           Returns the current authentication token. Called frompam_sm_chauthtok(3)pam_get_authtokwill ask the user to           confirm the new token by retyping it. If a prompt was           specified, "Retype" will be used as prefix.       PAM_OLDAUTHTOK           Returns the previous authentication token when changing           authentication tokens.       Thepam_get_authtok_noverifyfunction can only be used for       changing the password (frompam_sm_chauthtok(3)). It returns the       cached authentication token, or prompts the user if no token is       currently cached. The difference topam_get_authtokis, that this       function does not ask a second time for the password to verify it.       Upon successful return,authtok contains a pointer to the value of       the authentication token. Note, this is a pointer to theactual       data and shouldnotbefree()'ed or over-written!       Thepam_get_authtok_verifyfunction can only be used to verify a       password for mistypes gotten bypam_get_authtok_noverify(3). This       function asks a second time for the password and verify it with       the password provided byauthtok argument. In case of an error,       the value ofauthtok is undefined. Else this argument will point       to theactual data and shouldnotbefree()'ed or over-written!

OPTIONS        top

pam_get_authtokhonours the following module options:try_first_pass           Before prompting the user for their password, the module first           tries the previous stacked module's password in case that           satisfies this module as well.use_first_pass           The argumentuse_first_passforces the module to use a           previous stacked modules password and will never prompt the           user - if no password is available or the password is not           appropriate, the user will be denied access.use_authtok           When password changing enforce the module to set the new token           to the one provided by a previously stackedpasswordmodule.           If no token is available token changing will fail.authtok_type=XXX           The default action is for the module to use the following           prompts when requesting passwords: "New UNIX password: " and           "Retype UNIX password: ". The example wordUNIX can be           replaced with this option, by default it is empty.

RETURN VALUES        top

       PAM_AUTH_ERR           Authentication token could not be retrieved.       PAM_AUTHTOK_ERR           New authentication could not be retrieved.       PAM_SUCCESS           Authentication token was successfully retrieved.       PAM_SYSTEM_ERR           No space for an authentication token was provided.       PAM_TRY_AGAIN           New authentication tokens mismatch.

SEE ALSO        top

pam(8)

STANDARDS        top

       Thepam_get_authtokfunction is a Linux-PAM extensions.

COLOPHON        top

       This page is part of thelinux-pam (Pluggable Authentication       Modules for Linux) project.  Information about the project can be       found at ⟨http://www.linux-pam.org/⟩.  If you have a bug report       for this manual page, see ⟨//www.linux-pam.org/⟩.  This page was       obtained from the project's upstream Git repository       ⟨https://github.com/linux-pam/linux-pam.git⟩ on 2023-12-22.  (At       that time, the date of the most recent commit that was found in       the repository was 2023-12-18.)  If you discover any rendering       problems in this HTML version of the page, or you believe there is       a better or more up-to-date source for the page, or you have       corrections or improvements to the information in this COLOPHON       (which isnot part of the original manual page), send a mail to       man-pages@man7.orgLinux-PAM Manual                12/22/2023PAM_GET_AUTHTOK(3)

Pages that refer to this page:pam_get_authtok(3), pam_get_item(3), pam_set_item(3), pam_pwhistory(8), pam_systemd_loadkey(8)

HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH.