1ce77a8d6SDag-Erling Smørgrav.\" Generated from pam_get_authtok.c by gendoc.pl 2*3ba4c8c8SDag-Erling Smørgrav.Dd June 27, 2023 35c1eca55SDag-Erling Smørgrav.Dt PAM_GET_AUTHTOK 3 45c1eca55SDag-Erling Smørgrav.Os 55c1eca55SDag-Erling Smørgrav.Sh NAME 65c1eca55SDag-Erling Smørgrav.Nm pam_get_authtok 75c1eca55SDag-Erling Smørgrav.Nd retrieve authentication token 85c1eca55SDag-Erling Smørgrav.Sh SYNOPSIS 9644f2b7cSDag-Erling Smørgrav.In sys/types.h 105c1eca55SDag-Erling Smørgrav.In security/pam_appl.h 11ca236e63SDag-Erling Smørgrav.Ft "int" 1293889be5SDag-Erling Smørgrav.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" 135c1eca55SDag-Erling Smørgrav.Sh DESCRIPTION 1493889be5SDag-Erling SmørgravThe 152f3ed619SDag-Erling Smørgrav.Fn pam_get_authtok 16ce77a8d6SDag-Erling Smørgravfunction either prompts the user for an 17ce77a8d6SDag-Erling Smørgravauthentication token or retrieves a cached authentication token, 18ce77a8d6SDag-Erling Smørgravdepending on circumstances. 19b33ab329SDag-Erling SmørgravEither way, a pointer to the authentication token is stored in the 20b33ab329SDag-Erling Smørgravlocation pointed to by the 21b33ab329SDag-Erling Smørgrav.Fa authtok 22ce77a8d6SDag-Erling Smørgravargument, and the corresponding PAM 23ce77a8d6SDag-Erling Smørgravitem is updated. 2493889be5SDag-Erling Smørgrav.Pp 2593889be5SDag-Erling SmørgravThe 26b33ab329SDag-Erling Smørgrav.Fa item 2793889be5SDag-Erling Smørgravargument must have one of the following values: 28c7070155SDag-Erling Smørgrav.Bl -tag -width 18n 29c7070155SDag-Erling Smørgrav.It Dv PAM_AUTHTOK 3093889be5SDag-Erling SmørgravReturns the current authentication token, or the new token 3193889be5SDag-Erling Smørgravwhen changing authentication tokens. 32c7070155SDag-Erling Smørgrav.It Dv PAM_OLDAUTHTOK 3393889be5SDag-Erling SmørgravReturns the previous authentication token when changing 3493889be5SDag-Erling Smørgravauthentication tokens. 35c7070155SDag-Erling Smørgrav.El 36ee02aaa9SDag-Erling Smørgrav.Pp 3793889be5SDag-Erling SmørgravThe 38b33ab329SDag-Erling Smørgrav.Fa prompt 3993889be5SDag-Erling Smørgravargument specifies a prompt to use if no token is cached. 4093889be5SDag-Erling SmørgravIf it is 4193889be5SDag-Erling Smørgrav.Dv NULL , 4293889be5SDag-Erling Smørgravthe 4393889be5SDag-Erling Smørgrav.Dv PAM_AUTHTOK_PROMPT 4493889be5SDag-Erling Smørgravor 4593889be5SDag-Erling Smørgrav.Dv PAM_OLDAUTHTOK_PROMPT 4693889be5SDag-Erling Smørgravitem, 47b33ab329SDag-Erling Smørgravas appropriate, will be used. 48b33ab329SDag-Erling SmørgravIf that item is also 4993889be5SDag-Erling Smørgrav.Dv NULL , 50b33ab329SDag-Erling Smørgrava hardcoded default prompt will be used. 51ce77a8d6SDag-Erling SmørgravAdditionally, when 522f3ed619SDag-Erling Smørgrav.Fn pam_get_authtok 53ce77a8d6SDag-Erling Smørgravis called from a service module, 54ce77a8d6SDag-Erling Smørgravthe prompt may be affected by module options as described below. 55ce77a8d6SDag-Erling SmørgravThe prompt is then expanded using 56ce77a8d6SDag-Erling Smørgrav.Xr openpam_subst 3 57ce77a8d6SDag-Erling Smørgravbefore it is passed to 58ce77a8d6SDag-Erling Smørgravthe conversation function. 59c7070155SDag-Erling Smørgrav.Pp 6093889be5SDag-Erling SmørgravIf 61b33ab329SDag-Erling Smørgrav.Fa item 6293889be5SDag-Erling Smørgravis set to 6393889be5SDag-Erling Smørgrav.Dv PAM_AUTHTOK 6493889be5SDag-Erling Smørgravand there is a non-null 6593889be5SDag-Erling Smørgrav.Dv PAM_OLDAUTHTOK 6693889be5SDag-Erling Smørgravitem, 672f3ed619SDag-Erling Smørgrav.Fn pam_get_authtok 6893889be5SDag-Erling Smørgravwill ask the user to confirm the new token by 69b33ab329SDag-Erling Smørgravretyping it. 70b33ab329SDag-Erling SmørgravIf there is a mismatch, 712f3ed619SDag-Erling Smørgrav.Fn pam_get_authtok 7293889be5SDag-Erling Smørgravwill return 7393889be5SDag-Erling Smørgrav.Dv PAM_TRY_AGAIN . 74ce77a8d6SDag-Erling Smørgrav.Sh MODULE OPTIONS 75ce77a8d6SDag-Erling SmørgravWhen called by a service module, 76ce77a8d6SDag-Erling Smørgrav.Fn pam_get_authtok 77ce77a8d6SDag-Erling Smørgravwill recognize the 78ce77a8d6SDag-Erling Smørgravfollowing module options: 79ce77a8d6SDag-Erling Smørgrav.Bl -tag -width 18n 80ce77a8d6SDag-Erling Smørgrav.It Dv authtok_prompt 81ce77a8d6SDag-Erling SmørgravPrompt to use when 82ce77a8d6SDag-Erling Smørgrav.Fa item 83ce77a8d6SDag-Erling Smørgravis set to 84ce77a8d6SDag-Erling Smørgrav.Dv PAM_AUTHTOK . 85ce77a8d6SDag-Erling SmørgravThis option overrides both the 86ce77a8d6SDag-Erling Smørgrav.Fa prompt 87ce77a8d6SDag-Erling Smørgravargument and the 88ce77a8d6SDag-Erling Smørgrav.Dv PAM_AUTHTOK_PROMPT 89ce77a8d6SDag-Erling Smørgravitem. 90ce77a8d6SDag-Erling Smørgrav.It Dv echo_pass 91ce77a8d6SDag-Erling SmørgravIf the application's conversation function allows it, this 92ce77a8d6SDag-Erling Smørgravlets the user see what they are typing. 93ce77a8d6SDag-Erling SmørgravThis should only be used for non-reusable authentication 94ce77a8d6SDag-Erling Smørgravtokens. 95ce77a8d6SDag-Erling Smørgrav.It Dv oldauthtok_prompt 96ce77a8d6SDag-Erling SmørgravPrompt to use when 97ce77a8d6SDag-Erling Smørgrav.Fa item 98ce77a8d6SDag-Erling Smørgravis set to 99ce77a8d6SDag-Erling Smørgrav.Dv PAM_OLDAUTHTOK . 100ce77a8d6SDag-Erling SmørgravThis option overrides both the 101ce77a8d6SDag-Erling Smørgrav.Fa prompt 102ce77a8d6SDag-Erling Smørgravargument and the 103ce77a8d6SDag-Erling Smørgrav.Dv PAM_OLDAUTHTOK_PROMPT 104ce77a8d6SDag-Erling Smørgravitem. 105ce77a8d6SDag-Erling Smørgrav.It Dv try_first_pass 106ce77a8d6SDag-Erling SmørgravIf the requested item is non-null, return it without 107ce77a8d6SDag-Erling Smørgravprompting the user. 108ce77a8d6SDag-Erling SmørgravTypically, the service module will verify the token, and 109ce77a8d6SDag-Erling Smørgravif it does not match, clear the item before calling 110ce77a8d6SDag-Erling Smørgrav.Fn pam_get_authtok 111ce77a8d6SDag-Erling Smørgrava second time. 112ce77a8d6SDag-Erling Smørgrav.It Dv use_first_pass 113ce77a8d6SDag-Erling SmørgravDo not prompt the user at all; just return the cached 114ce77a8d6SDag-Erling Smørgravvalue, or 115ce77a8d6SDag-Erling Smørgrav.Dv PAM_AUTH_ERR 116ce77a8d6SDag-Erling Smørgravif there is none. 117ce77a8d6SDag-Erling Smørgrav.El 1185c1eca55SDag-Erling Smørgrav.Sh RETURN VALUES 1195c1eca55SDag-Erling SmørgravThe 1202f3ed619SDag-Erling Smørgrav.Fn pam_get_authtok 1215c1eca55SDag-Erling Smørgravfunction returns one of the following values: 12246acc370SDag-Erling Smørgrav.Bl -tag -width 18n 12349e56509SDag-Erling Smørgrav.It Bq Er PAM_SUCCESS 12449e56509SDag-Erling SmørgravSuccess. 12549e56509SDag-Erling Smørgrav.It Bq Er PAM_BAD_CONSTANT 12649e56509SDag-Erling SmørgravBad constant. 12749e56509SDag-Erling Smørgrav.It Bq Er PAM_BAD_ITEM 12849e56509SDag-Erling SmørgravUnrecognized or restricted item. 12946acc370SDag-Erling Smørgrav.It Bq Er PAM_BUF_ERR 13046acc370SDag-Erling SmørgravMemory buffer error. 13146acc370SDag-Erling Smørgrav.It Bq Er PAM_CONV_ERR 13246acc370SDag-Erling SmørgravConversation failure. 13346acc370SDag-Erling Smørgrav.It Bq Er PAM_SYSTEM_ERR 13446acc370SDag-Erling SmørgravSystem error. 13593889be5SDag-Erling Smørgrav.It Bq Er PAM_TRY_AGAIN 13693889be5SDag-Erling SmørgravTry again. 1375c1eca55SDag-Erling Smørgrav.El 1385c1eca55SDag-Erling Smørgrav.Sh SEE ALSO 139ce77a8d6SDag-Erling Smørgrav.Xr openpam_get_option 3 , 1407f106882SDag-Erling Smørgrav.Xr openpam_subst 3 , 14146acc370SDag-Erling Smørgrav.Xr pam 3 , 142ce77a8d6SDag-Erling Smørgrav.Xr pam_conv 3 , 14393889be5SDag-Erling Smørgrav.Xr pam_get_item 3 , 14493889be5SDag-Erling Smørgrav.Xr pam_get_user 3 , 14546acc370SDag-Erling Smørgrav.Xr pam_strerror 3 1465c1eca55SDag-Erling Smørgrav.Sh STANDARDS 14746acc370SDag-Erling SmørgravThe 1482f3ed619SDag-Erling Smørgrav.Fn pam_get_authtok 14946acc370SDag-Erling Smørgravfunction is an OpenPAM extension. 1505c1eca55SDag-Erling Smørgrav.Sh AUTHORS 1515c1eca55SDag-Erling SmørgravThe 1522f3ed619SDag-Erling Smørgrav.Fn pam_get_authtok 1532f3ed619SDag-Erling Smørgravfunction and this manual page were 1542f3ed619SDag-Erling Smørgravdeveloped for the 155ca236e63SDag-Erling Smørgrav.Fx 1562f3ed619SDag-Erling SmørgravProject by ThinkSec AS and Network Associates Laboratories, the 1579bc006deSDag-Erling SmørgravSecurity Research Division of Network Associates, Inc.\& under 158ca236e63SDag-Erling SmørgravDARPA/SPAWAR contract N66001-01-C-8035 1595c1eca55SDag-Erling Smørgrav.Pq Dq CBOSS , 1605c1eca55SDag-Erling Smørgravas part of the DARPA CHATS research program. 161ce77a8d6SDag-Erling Smørgrav.Pp 162ce77a8d6SDag-Erling SmørgravThe OpenPAM library is maintained by 163f3b0ac34SDag-Erling Smørgrav.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . 164