summaryrefslogtreecommitdiffstats
path: root/doc/man/pam_sm_chauthtok.3
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/man/pam_sm_chauthtok.3137
-rw-r--r--doc/man/pam_sm_chauthtok.3.xml204
2 files changed, 341 insertions, 0 deletions
diff --git a/doc/man/pam_sm_chauthtok.3 b/doc/man/pam_sm_chauthtok.3
new file mode 100644
index 0000000..e68876f
--- /dev/null
+++ b/doc/man/pam_sm_chauthtok.3
@@ -0,0 +1,137 @@
+'\" t
+.\" Title: pam_sm_chauthtok
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 09/03/2021
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_SM_CHAUTHTOK" "3" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_sm_chauthtok \- PAM service function for authentication token management
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#include <security/pam_modules\&.h>
+.fi
+.ft
+.HP \w'int\ pam_sm_chauthtok('u
+.BI "int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_sm_chauthtok\fR
+function is the service module\*(Aqs implementation of the
+\fBpam_chauthtok\fR(3)
+interface\&.
+.PP
+This function is used to (re\-)set the authentication token of the user\&.
+.PP
+Valid flags, which may be logically OR\*(Aqd with
+\fIPAM_SILENT\fR, are:
+.PP
+PAM_SILENT
+.RS 4
+Do not emit any messages\&.
+.RE
+.PP
+PAM_CHANGE_EXPIRED_AUTHTOK
+.RS 4
+This argument indicates to the module that the user\*(Aqs authentication token (password) should only be changed if it has expired\&. This flag is optional and
+\fImust\fR
+be combined with one of the following two flags\&. Note, however, the following two options are
+\fImutually exclusive\fR\&.
+.RE
+.PP
+PAM_PRELIM_CHECK
+.RS 4
+This indicates that the modules are being probed as to their ready status for altering the user\*(Aqs authentication token\&. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag\&. If a module cannot establish it is ready to update the user\*(Aqs authentication token it should return
+\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application\&.
+.sp
+If the control value
+\fIsufficient\fR
+is used in the password stack, the
+\fIPAM_PRELIM_CHECK\fR
+section of the modules following that control value is not always executed\&.
+.RE
+.PP
+PAM_UPDATE_AUTHTOK
+.RS 4
+This informs the module that this is the call it should change the authorization tokens\&. If the flag is logically OR\*(Aqd with
+\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired\&.
+.RE
+.PP
+The PAM library calls this function twice in succession\&. The first time with
+\fBPAM_PRELIM_CHECK\fR
+and then, if the module does not return
+\fBPAM_TRY_AGAIN\fR, subsequently with
+\fBPAM_UPDATE_AUTHTOK\fR\&. It is only on the second call that the authorization token is (possibly) changed\&.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTHTOK_ERR
+.RS 4
+The module was unable to obtain the new authentication token\&.
+.RE
+.PP
+PAM_AUTHTOK_RECOVERY_ERR
+.RS 4
+The module was unable to obtain the old authentication token\&.
+.RE
+.PP
+PAM_AUTHTOK_LOCK_BUSY
+.RS 4
+Cannot change the authentication token since it is currently locked\&.
+.RE
+.PP
+PAM_AUTHTOK_DISABLE_AGING
+.RS 4
+Authentication token aging has been disabled\&.
+.RE
+.PP
+PAM_PERM_DENIED
+.RS 4
+Permission denied\&.
+.RE
+.PP
+PAM_TRY_AGAIN
+.RS 4
+Preliminary check was unsuccessful\&. Signals an immediate return to the application is desired\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+The authentication token was successfully updated\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+User unknown to password service\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam\fR(3),
+\fBpam_chauthtok\fR(3),
+\fBpam_sm_chauthtok\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml
new file mode 100644
index 0000000..25e17d0
--- /dev/null
+++ b/doc/man/pam_sm_chauthtok.3.xml
@@ -0,0 +1,204 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_chauthtok'>
+ <refmeta>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_chauthtok-name">
+ <refname>pam_sm_chauthtok</refname>
+ <refpurpose>PAM service function for authentication token management</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <funcsynopsis id='pam_sm_chauthtok-synopsis'>
+ <funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>int <function>pam_sm_chauthtok</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_chauthtok-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_chauthtok</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function is used to (re-)set the authentication token of the user.
+ </para>
+ <para>
+ Valid flags, which may be logically OR'd with
+ <emphasis>PAM_SILENT</emphasis>, are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CHANGE_EXPIRED_AUTHTOK</term>
+ <listitem>
+ <para>
+ This argument indicates to the module that the user's
+ authentication token (password) should only be changed if
+ it has expired. This flag is optional and
+ <emphasis>must</emphasis> be combined with one of the
+ following two flags. Note, however, the following two options
+ are <emphasis>mutually exclusive</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PRELIM_CHECK</term>
+ <listitem>
+ <para>
+ This indicates that the modules are being probed as to
+ their ready status for altering the user's authentication
+ token. If the module requires access to another system over
+ some network it should attempt to verify it can connect to
+ this system on receiving this flag. If a module cannot establish
+ it is ready to update the user's authentication token it should
+ return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this
+ information will be passed back to the application.
+ </para>
+ <para>
+ If the control value <emphasis>sufficient</emphasis> is used in
+ the password stack, the <emphasis>PAM_PRELIM_CHECK</emphasis> section
+ of the modules following that control value is not always executed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_UPDATE_AUTHTOK</term>
+ <listitem>
+ <para>
+ This informs the module that this is the call it should change
+ the authorization tokens. If the flag is logically OR'd with
+ <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the
+ token is only changed if it has actually expired.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ The PAM library calls this function twice in succession. The first
+ time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then,
+ if the module does not return
+ <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with
+ <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on
+ the second call that the authorization token is (possibly) changed.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_sm_chauthtok-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTHTOK_ERR</term>
+ <listitem>
+ <para>
+ The module was unable to obtain the new authentication token.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_RECOVERY_ERR</term>
+ <listitem>
+ <para>
+ The module was unable to obtain the old authentication token.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_LOCK_BUSY</term>
+ <listitem>
+ <para>
+ Cannot change the authentication token since it is currently
+ locked.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_DISABLE_AGING</term>
+ <listitem>
+ <para>
+ Authentication token aging has been disabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PERM_DENIED</term>
+ <listitem>
+ <para>
+ Permission denied.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_TRY_AGAIN</term>
+ <listitem>
+ <para>
+ Preliminary check was unsuccessful. Signals an immediate
+ return to the application is desired.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The authentication token was successfully updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ User unknown to password service.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_sm_chauthtok-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-19 23:01:01 +0000