PAM_PASSWD_AUTH(7) Standards, Environments, and Macros PAM_PASSWD_AUTH(7)
pam_passwd_auth - authentication module for password
pam_passwd_auth.so.1
pam_passwd_auth provides authentication functionality to the password
service as implemented by passwd(1). It differs from the standard PAM
authentication modules in its prompting behavior. It should be the
first module on the password service authentication stack.
The name of the user whose password attributes are to be updated must
be present in the PAM_USER item. This can be accomplished due to a
previous call to pam_start(3PAM), or explicitly set by
pam_set_item(3PAM). Based on the current user-id and the repository
that is to by updated, the module determines whether a password is
necessary for a successful update of the password repository, and if
so, which password is required.
The following options can be passed to the module:
debug
syslog(3C) debugging information at the LOG_DEBUG
level
nowarn
Turn off warning messages
server_policy
If the account authority for the user, as specified
by PAM_USER, is a server, do not apply the Unix
policy from the passwd entry in the name service
switch.
The following error codes are returned:
PAM_BUF_ERR
Memory buffer error
PAM_IGNORE
Ignore module, not participating in result
PAM_SUCCESS
Successfully obtains authentication token
PAM_SYSTEM_ERR
System error
See attributes(7) for descriptions of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+
passwd(1), syslog(3C), libpam(3LIB), pam(3PAM),
pam_authenticate(3PAM), pam_set_item(3PAM), pam_start(3PAM),
pam.conf(5), attributes(7), pam_authtok_check(7), pam_authtok_get(7),
pam_authtok_store(7), pam_dhkeys(7), pam_unix_account(7),
pam_unix_auth(7), pam_unix_session(7)
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
This module relies on the value of the current real UID, this module
is only safe for MT-applications that don't change UIDs during the
call to pam_authenticate(3PAM).
The pam_unix(7) module is no longer supported. Similar functionality
is provided by pam_authtok_check(7), pam_authtok_get(7),
pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), and pam_unix_session(7).
August 10, 2002 PAM_PASSWD_AUTH(7)
NAME
pam_passwd_auth - authentication module for password
SYNOPSIS
pam_passwd_auth.so.1
DESCRIPTION
pam_passwd_auth provides authentication functionality to the password
service as implemented by passwd(1). It differs from the standard PAM
authentication modules in its prompting behavior. It should be the
first module on the password service authentication stack.
The name of the user whose password attributes are to be updated must
be present in the PAM_USER item. This can be accomplished due to a
previous call to pam_start(3PAM), or explicitly set by
pam_set_item(3PAM). Based on the current user-id and the repository
that is to by updated, the module determines whether a password is
necessary for a successful update of the password repository, and if
so, which password is required.
The following options can be passed to the module:
debug
syslog(3C) debugging information at the LOG_DEBUG
level
nowarn
Turn off warning messages
server_policy
If the account authority for the user, as specified
by PAM_USER, is a server, do not apply the Unix
policy from the passwd entry in the name service
switch.
ERRORS
The following error codes are returned:
PAM_BUF_ERR
Memory buffer error
PAM_IGNORE
Ignore module, not participating in result
PAM_SUCCESS
Successfully obtains authentication token
PAM_SYSTEM_ERR
System error
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+
SEE ALSO
passwd(1), syslog(3C), libpam(3LIB), pam(3PAM),
pam_authenticate(3PAM), pam_set_item(3PAM), pam_start(3PAM),
pam.conf(5), attributes(7), pam_authtok_check(7), pam_authtok_get(7),
pam_authtok_store(7), pam_dhkeys(7), pam_unix_account(7),
pam_unix_auth(7), pam_unix_session(7)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
This module relies on the value of the current real UID, this module
is only safe for MT-applications that don't change UIDs during the
call to pam_authenticate(3PAM).
The pam_unix(7) module is no longer supported. Similar functionality
is provided by pam_authtok_check(7), pam_authtok_get(7),
pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), and pam_unix_session(7).
August 10, 2002 PAM_PASSWD_AUTH(7)