diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:38:36 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:38:36 +0000 |
commit | 26367bfc399cb3862f94ddca8fce87f98f26d67e (patch) | |
tree | ba3a4e02ed5ec62fe645dfa810c01d26decf591f /doc/man/pam_sm_chauthtok.3 | |
parent | Initial commit. (diff) | |
download | pam-upstream.tar.xz pam-upstream.zip |
Adding upstream version 1.3.1.upstream/1.3.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | doc/man/pam_sm_chauthtok.3 | 143 | ||||
-rw-r--r-- | doc/man/pam_sm_chauthtok.3.xml | 205 |
2 files changed, 348 insertions, 0 deletions
diff --git a/doc/man/pam_sm_chauthtok.3 b/doc/man/pam_sm_chauthtok.3 new file mode 100644 index 0000000..50918aa --- /dev/null +++ b/doc/man/pam_sm_chauthtok.3 @@ -0,0 +1,143 @@ +'\" t +.\" Title: pam_sm_chauthtok +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 05/18/2017 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_SM_CHAUTHTOK" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_sm_chauthtok \- PAM service function for authentication token management +.SH "SYNOPSIS" +.sp +.ft B +.nf +#define PAM_SM_PASSWORD +.fi +.ft +.sp +.ft B +.nf +#include <security/pam_modules\&.h> +.fi +.ft +.HP \w'int\ pam_sm_chauthtok('u +.BI "int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_sm_chauthtok\fR +function is the service module\*(Aqs implementation of the +\fBpam_chauthtok\fR(3) +interface\&. +.PP +This function is used to (re\-)set the authentication token of the user\&. +.PP +Valid flags, which may be logically OR\*(Aqd with +\fIPAM_SILENT\fR, are: +.PP +PAM_SILENT +.RS 4 +Do not emit any messages\&. +.RE +.PP +PAM_CHANGE_EXPIRED_AUTHTOK +.RS 4 +This argument indicates to the module that the user\*(Aqs authentication token (password) should only be changed if it has expired\&. This flag is optional and +\fImust\fR +be combined with one of the following two flags\&. Note, however, the following two options are +\fImutually exclusive\fR\&. +.RE +.PP +PAM_PRELIM_CHECK +.RS 4 +This indicates that the modules are being probed as to their ready status for altering the user\*(Aqs authentication token\&. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag\&. If a module cannot establish it is ready to update the user\*(Aqs authentication token it should return +\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application\&. +.sp +If the control value +\fIsufficient\fR +is used in the password stack, the +\fIPAM_PRELIM_CHECK\fR +section of the modules following that control value is not always executed\&. +.RE +.PP +PAM_UPDATE_AUTHTOK +.RS 4 +This informs the module that this is the call it should change the authorization tokens\&. If the flag is logically OR\*(Aqd with +\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired\&. +.RE +.PP +The PAM library calls this function twice in succession\&. The first time with +\fBPAM_PRELIM_CHECK\fR +and then, if the module does not return +\fBPAM_TRY_AGAIN\fR, subsequently with +\fBPAM_UPDATE_AUTHTOK\fR\&. It is only on the second call that the authorization token is (possibly) changed\&. +.SH "RETURN VALUES" +.PP +PAM_AUTHTOK_ERR +.RS 4 +The module was unable to obtain the new authentication token\&. +.RE +.PP +PAM_AUTHTOK_RECOVERY_ERR +.RS 4 +The module was unable to obtain the old authentication token\&. +.RE +.PP +PAM_AUTHTOK_LOCK_BUSY +.RS 4 +Cannot change the authentication token since it is currently locked\&. +.RE +.PP +PAM_AUTHTOK_DISABLE_AGING +.RS 4 +Authentication token aging has been disabled\&. +.RE +.PP +PAM_PERM_DENIED +.RS 4 +Permission denied\&. +.RE +.PP +PAM_TRY_AGAIN +.RS 4 +Preliminary check was unsuccessful\&. Signals an immediate return to the application is desired\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +The authentication token was successfully updated\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +User unknown to password service\&. +.RE +.SH "SEE ALSO" +.PP +\fBpam\fR(3), +\fBpam_chauthtok\fR(3), +\fBpam_sm_chauthtok\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml new file mode 100644 index 0000000..d8f36d6 --- /dev/null +++ b/doc/man/pam_sm_chauthtok.3.xml @@ -0,0 +1,205 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_chauthtok'> + <refmeta> + <refentrytitle>pam_sm_chauthtok</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_chauthtok-name"> + <refname>pam_sm_chauthtok</refname> + <refpurpose>PAM service function for authentication token management</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv> + <funcsynopsis id='pam_sm_chauthtok-synopsis'> + <funcsynopsisinfo>#define PAM_SM_PASSWORD</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>int <function>pam_sm_chauthtok</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_chauthtok-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_chauthtok</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function is used to (re-)set the authentication token of the user. + </para> + <para> + Valid flags, which may be logically OR'd with + <emphasis>PAM_SILENT</emphasis>, are: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CHANGE_EXPIRED_AUTHTOK</term> + <listitem> + <para> + This argument indicates to the module that the user's + authentication token (password) should only be changed if + it has expired. This flag is optional and + <emphasis>must</emphasis> be combined with one of the + following two flags. Note, however, the following two options + are <emphasis>mutually exclusive</emphasis>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PRELIM_CHECK</term> + <listitem> + <para> + This indicates that the modules are being probed as to + their ready status for altering the user's authentication + token. If the module requires access to another system over + some network it should attempt to verify it can connect to + this system on receiving this flag. If a module cannot establish + it is ready to update the user's authentication token it should + return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this + information will be passed back to the application. + </para> + <para> + If the control value <emphasis>sufficient</emphasis> is used in + the password stack, the <emphasis>PAM_PRELIM_CHECK</emphasis> section + of the modules following that control value is not always executed. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_UPDATE_AUTHTOK</term> + <listitem> + <para> + This informs the module that this is the call it should change + the authorization tokens. If the flag is logically OR'd with + <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the + token is only changed if it has actually expired. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + The PAM library calls this function twice in succession. The first + time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then, + if the module does not return + <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with + <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on + the second call that the authorization token is (possibly) changed. + </para> + </refsect1> + + <refsect1 id="pam_sm_chauthtok-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_AUTHTOK_ERR</term> + <listitem> + <para> + The module was unable to obtain the new authentication token. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_RECOVERY_ERR</term> + <listitem> + <para> + The module was unable to obtain the old authentication token. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_LOCK_BUSY</term> + <listitem> + <para> + Cannot change the authentication token since it is currently + locked. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_DISABLE_AGING</term> + <listitem> + <para> + Authentication token aging has been disabled. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PERM_DENIED</term> + <listitem> + <para> + Permission denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_TRY_AGAIN</term> + <listitem> + <para> + Preliminary check was unsuccessful. Signals an immediate + return to the application is desired. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The authentication token was successfully updated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User unknown to password service. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_sm_chauthtok-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> |