NAME |SYNOPSIS |DESCRIPTION |OPTIONS |RETURN VALUES |SEE ALSO |STANDARDS |COLOPHON | |
PAM_GET_AUTHTOK(3) Linux-PAM ManualPAM_GET_AUTHTOK(3)pam_get_authtok, pam_get_authtok_verify, pam_get_authtok_noverify - get authentication token
#include <security/pam_ext.h>int pam_get_authtok(pam_handle_t *pamh, intitem,const char **authtok, const char *prompt);int pam_get_authtok_noverify(pam_handle_t *pamh,const char **authtok,const char *prompt);int pam_get_authtok_verify(pam_handle_t *pamh,const char **authtok,const char *prompt);
Thepam_get_authtokfunction returns the cached authentication token, or prompts the user if no token is currently cached. It is intended for internal use by Linux-PAM and PAM service modules. Upon successful return,authtok contains a pointer to the value of the authentication token. Note, this is a pointer to theactual data and shouldnotbefree()'ed or over-written! Theprompt argument specifies a prompt to use if no token is cached. If a NULL pointer is given,pam_get_authtokuses pre-defined prompts. The following values are supported foritem: PAM_AUTHTOK Returns the current authentication token. Called frompam_sm_chauthtok(3)pam_get_authtokwill ask the user to confirm the new token by retyping it. If a prompt was specified, "Retype" will be used as prefix. PAM_OLDAUTHTOK Returns the previous authentication token when changing authentication tokens. Thepam_get_authtok_noverifyfunction can only be used for changing the password (frompam_sm_chauthtok(3)). It returns the cached authentication token, or prompts the user if no token is currently cached. The difference topam_get_authtokis, that this function does not ask a second time for the password to verify it. Upon successful return,authtok contains a pointer to the value of the authentication token. Note, this is a pointer to theactual data and shouldnotbefree()'ed or over-written! Thepam_get_authtok_verifyfunction can only be used to verify a password for mistypes gotten bypam_get_authtok_noverify(3). This function asks a second time for the password and verify it with the password provided byauthtok argument. In case of an error, the value ofauthtok is undefined. Else this argument will point to theactual data and shouldnotbefree()'ed or over-written!
pam_get_authtokhonours the following module options:try_first_pass Before prompting the user for their password, the module first tries the previous stacked module's password in case that satisfies this module as well.use_first_pass The argumentuse_first_passforces the module to use a previous stacked modules password and will never prompt the user - if no password is available or the password is not appropriate, the user will be denied access.use_authtok When password changing enforce the module to set the new token to the one provided by a previously stackedpasswordmodule. If no token is available token changing will fail.authtok_type=XXX The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example wordUNIX can be replaced with this option, by default it is empty.
PAM_AUTH_ERR Authentication token could not be retrieved. PAM_AUTHTOK_ERR New authentication could not be retrieved. PAM_SUCCESS Authentication token was successfully retrieved. PAM_SYSTEM_ERR No space for an authentication token was provided. PAM_TRY_AGAIN New authentication tokens mismatch.
pam(8)
Thepam_get_authtokfunction is a Linux-PAM extensions.
This page is part of thelinux-pam (Pluggable Authentication Modules for Linux) project. Information about the project can be found at ⟨http://www.linux-pam.org/⟩. If you have a bug report for this manual page, see ⟨//www.linux-pam.org/⟩. This page was obtained from the project's upstream Git repository ⟨https://github.com/linux-pam/linux-pam.git⟩ on 2023-12-22. (At that time, the date of the most recent commit that was found in the repository was 2023-12-18.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgLinux-PAM Manual 12/22/2023PAM_GET_AUTHTOK(3)Pages that refer to this page:pam_get_authtok(3), pam_get_item(3), pam_set_item(3), pam_pwhistory(8), pam_systemd_loadkey(8)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | ![]() |