PAM_SERVICE
The service name (which identifies that PAM stack that
the PAM functions will use to authenticate the program).
PAM_USER
The username of the entity under whose identity service
will be given. That is, following authentication,
PAM_USER identifies the local entity
that gets to use the service. Note, this value can be mapped
from something (eg., "anonymous") to something else (eg.
"guest119") by any module in the PAM stack. As such an
application should consult the value of
PAM_USER after each call to a PAM function.
PAM_USER_PROMPT
The string used when prompting for a user's name. The default
value for this string is a localized version of "login: ".
PAM_TTY
The terminal name: prefixed by /dev/ if
it is a device file; for graphical, X-based, applications the
value for this item should be the
$DISPLAY variable.
PAM_RUSER
The requesting user name: local name for a locally
requesting user or a remote user name for a remote
requesting user.
Generally an application or module will attempt to supply
the value that is most strongly authenticated (a local account
before a remote one. The level of trust in this value is
embodied in the actual authentication stack associated with
the application, so it is ultimately at the discretion of the
system administrator.
PAM_RUSER@PAM_RHOST should always identify
the requesting user. In some cases,
PAM_RUSER may be NULL. In such situations,
it is unclear who the requesting entity is.
PAM_RHOST
The requesting hostname (the hostname of the machine from
which the PAM_RUSER entity is requesting
service). That is PAM_RUSER@PAM_RHOST
does identify the requesting user. In some applications,
PAM_RHOST may be NULL. In such situations,
it is unclear where the authentication request is originating
from.
PAM_AUTHTOK
The authentication token (often a password). This token
should be ignored by all module functions besides
pam_sm_authenticate3
and
pam_sm_chauthtok3
.
In the former function it is used to pass the most recent
authentication token from one stacked module to another. In
the latter function the token is used for another purpose.
It contains the currently active authentication token.
PAM_OLDAUTHTOK
The old authentication token. This token should be ignored
by all module functions except
pam_sm_chauthtok3
.
PAM_CONV
The pam_conv structure. See
pam_conv3
.