Provided by: libpam0g-dev_1.5.3-5ubuntu5.1_amd64 bug

NAME

       pam_get_authtok, pam_get_authtok_verify, pam_get_authtok_noverify - get authentication
       token

SYNOPSIS

       #include <security/pam_ext.h>

       int pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok,
                           const char *prompt);

       int pam_get_authtok_noverify(pam_handle_t *pamh, const char **authtok,
                                    const char *prompt);

       int pam_get_authtok_verify(pam_handle_t *pamh, const char **authtok, const char *prompt);

DESCRIPTION

       The pam_get_authtok function returns the cached authentication token, or prompts the user
       if no token is currently cached. It is intended for internal use by Linux-PAM and PAM
       service modules. Upon successful return, authtok contains a pointer to the value of the
       authentication token. Note, this is a pointer to the actual data and should not be
       free()'ed or over-written!

       The prompt argument specifies a prompt to use if no token is cached. If a NULL pointer is
       given, pam_get_authtok uses pre-defined prompts.

       The following values are supported for item:

       PAM_AUTHTOK
           Returns the current authentication token. Called from pam_sm_chauthtok(3)
           pam_get_authtok will ask the user to confirm the new token by retyping it. If a prompt
           was specified, "Retype" will be used as prefix.

       PAM_OLDAUTHTOK
           Returns the previous authentication token when changing authentication tokens.

       The pam_get_authtok_noverify function can only be used for changing the password (from
       pam_sm_chauthtok(3)). It returns the cached authentication token, or prompts the user if
       no token is currently cached. The difference to pam_get_authtok is, that this function
       does not ask a second time for the password to verify it. Upon successful return, authtok
       contains a pointer to the value of the authentication token. Note, this is a pointer to
       the actual data and should not be free()'ed or over-written!

       The pam_get_authtok_verify function can only be used to verify a password for mistypes
       gotten by pam_get_authtok_noverify(3). This function asks a second time for the password
       and verify it with the password provided by authtok argument. In case of an error, the
       value of authtok is undefined. Else this argument will point to the actual data and should
       not be free()'ed or over-written!

OPTIONS

       pam_get_authtok honours the following module options:

       try_first_pass
           Before prompting the user for their password, the module first tries the previous
           stacked module's password in case that satisfies this module as well.

       use_first_pass
           The argument use_first_pass forces the module to use a previous stacked modules
           password and will never prompt the user - if no password is available or the password
           is not appropriate, the user will be denied access.

       use_authtok
           When password changing enforce the module to set the new token to the one provided by
           a previously stacked password module. If no token is available token changing will
           fail.

       authtok_type=XXX
           The default action is for the module to use the following prompts when requesting
           passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX
           can be replaced with this option, by default it is empty.

RETURN VALUES

       PAM_AUTH_ERR
           Authentication token could not be retrieved.

       PAM_AUTHTOK_ERR
           New authentication could not be retrieved.

       PAM_SUCCESS
           Authentication token was successfully retrieved.

       PAM_SYSTEM_ERR
           No space for an authentication token was provided.

       PAM_TRY_AGAIN
           New authentication tokens mismatch.

SEE ALSO

       pam(7)

STANDARDS

       The pam_get_authtok function is a Linux-PAM extensions.