The pam_get_authtok function returns the cached authentication token,
or prompts the user if no token is currently cached. It is intended
for internal use by Linux-PAM and PAM service modules. Upon
successful return, authtok contains a pointer to the value of the
authentication token. Note, this is a pointer to the actual data and
should not be free()'ed or over-written!
The prompt argument specifies a prompt to use if no token is cached.
If a NULL pointer is given, pam_get_authtok uses pre-defined prompts.
The following values are supported for item:
Returns the current authentication token. Called from
pam_sm_chauthtok(3)pam_get_authtok will ask the user to confirm
the new token by retyping it. If a prompt was specified, "Retype"
will be used as prefix.
Returns the previous authentication token when changing
The pam_get_authtok_noverify function can only be used for changing
the password (from pam_sm_chauthtok(3)). It returns the cached
authentication token, or prompts the user if no token is currently
cached. The difference to pam_get_authtok is, that this function does
not ask a second time for the password to verify it. Upon successful
return, authtok contains a pointer to the value of the authentication
token. Note, this is a pointer to the actual data and should not be
free()'ed or over-written!
The pam_get_authtok_verify function can only be used to verify a
password for mistypes gotten by pam_get_authtok_noverify(3). This
function asks a second time for the password and verify it with the
password provided by authtok argument. In case of an error, the value
of authtok is undefined. Else this argument will point to the actual
data and should not be free()'ed or over-written!
pam_get_authtok honours the following module options:
Before prompting the user for their password, the module first
tries the previous stacked module's password in case that
satisfies this module as well.
The argument use_first_pass forces the module to use a previous
stacked modules password and will never prompt the user - if no
password is available or the password is not appropriate, the
user will be denied access.
When password changing enforce the module to set the new token to
the one provided by a previously stacked password module. If no
token is available token changing will fail.
The default action is for the module to use the following prompts
when requesting passwords: "New UNIX password: " and "Retype UNIX
password: ". The example word UNIX can be replaced with this
option, by default it is empty.
Authentication token could not be retrieved.
New authentication could not be retrieved.
Authentication token was successfully retrieved.
No space for an authentication token was provided.
New authentication tokens mismatch.
This page is part of the linux-pam (Pluggable Authentication Modules
for Linux) project. Information about the project can be found at
⟨http://www.linux-pam.org/⟩. If you have a bug report for this manual
page, see ⟨//www.linux-pam.org/⟩. This page was obtained from the
tarball Linux-PAM-1.3.0.tar.bz2 fetched from
⟨http://www.linux-pam.org/library/⟩ on 2020-07-14. If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page, or
you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
Linux-PAM Manual 04/01/2016 PAM_GET_AUTHTOK(3)