diff options
Diffstat (limited to 'doc/man/pam_sm_chauthtok.3')
-rw-r--r-- | doc/man/pam_sm_chauthtok.3 | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/doc/man/pam_sm_chauthtok.3 b/doc/man/pam_sm_chauthtok.3 new file mode 100644 index 0000000..807aee2 --- /dev/null +++ b/doc/man/pam_sm_chauthtok.3 @@ -0,0 +1,137 @@ +'\" t +.\" Title: pam_sm_chauthtok +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 06/08/2020 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_SM_CHAUTHTOK" "3" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_sm_chauthtok \- PAM service function for authentication token management +.SH "SYNOPSIS" +.sp +.ft B +.nf +#include <security/pam_modules\&.h> +.fi +.ft +.HP \w'int\ pam_sm_chauthtok('u +.BI "int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_sm_chauthtok\fR +function is the service module\*(Aqs implementation of the +\fBpam_chauthtok\fR(3) +interface\&. +.PP +This function is used to (re\-)set the authentication token of the user\&. +.PP +Valid flags, which may be logically OR\*(Aqd with +\fIPAM_SILENT\fR, are: +.PP +PAM_SILENT +.RS 4 +Do not emit any messages\&. +.RE +.PP +PAM_CHANGE_EXPIRED_AUTHTOK +.RS 4 +This argument indicates to the module that the user\*(Aqs authentication token (password) should only be changed if it has expired\&. This flag is optional and +\fImust\fR +be combined with one of the following two flags\&. Note, however, the following two options are +\fImutually exclusive\fR\&. +.RE +.PP +PAM_PRELIM_CHECK +.RS 4 +This indicates that the modules are being probed as to their ready status for altering the user\*(Aqs authentication token\&. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag\&. If a module cannot establish it is ready to update the user\*(Aqs authentication token it should return +\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application\&. +.sp +If the control value +\fIsufficient\fR +is used in the password stack, the +\fIPAM_PRELIM_CHECK\fR +section of the modules following that control value is not always executed\&. +.RE +.PP +PAM_UPDATE_AUTHTOK +.RS 4 +This informs the module that this is the call it should change the authorization tokens\&. If the flag is logically OR\*(Aqd with +\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired\&. +.RE +.PP +The PAM library calls this function twice in succession\&. The first time with +\fBPAM_PRELIM_CHECK\fR +and then, if the module does not return +\fBPAM_TRY_AGAIN\fR, subsequently with +\fBPAM_UPDATE_AUTHTOK\fR\&. It is only on the second call that the authorization token is (possibly) changed\&. +.SH "RETURN VALUES" +.PP +PAM_AUTHTOK_ERR +.RS 4 +The module was unable to obtain the new authentication token\&. +.RE +.PP +PAM_AUTHTOK_RECOVERY_ERR +.RS 4 +The module was unable to obtain the old authentication token\&. +.RE +.PP +PAM_AUTHTOK_LOCK_BUSY +.RS 4 +Cannot change the authentication token since it is currently locked\&. +.RE +.PP +PAM_AUTHTOK_DISABLE_AGING +.RS 4 +Authentication token aging has been disabled\&. +.RE +.PP +PAM_PERM_DENIED +.RS 4 +Permission denied\&. +.RE +.PP +PAM_TRY_AGAIN +.RS 4 +Preliminary check was unsuccessful\&. Signals an immediate return to the application is desired\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +The authentication token was successfully updated\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +User unknown to password service\&. +.RE +.SH "SEE ALSO" +.PP +\fBpam\fR(3), +\fBpam_chauthtok\fR(3), +\fBpam_sm_chauthtok\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) |