pam_authtok_store(5) Standards, Environments, and Macros pam_authtok_store(5)NAMEpam_authtok_store - password management module
SYNOPSIS
pam_authtok_store.so.1
DESCRIPTIONpam_authtok_store provides functionality to the PAM password management
stack. It provides one function: pam_sm_chauthtok().
When invoked with flags set to PAM_UPDATE_AUTHTOK, this module updates
the authentication token for the user specified by PAM_USER.
The authentication token PAM_OLDAUTHTOK can be used to authenticate the
user against repositories that need updating (NIS, LDAP). After suc‐
cessful updates, the new authentication token stored in PAM_AUTHTOK is
the user's valid password.
This module honors the PAM_REPOSITORY item, which, if set, specifies
which repository is to be updated. If PAM_REPOSITORY is unset, it fol‐
lows the nsswitch.conf(4).
The following option can be passed to the module:
debug syslog(3C) debugging information at the LOG_DEBUG level
server_policy If the account authority for the user, as specified by
PAM_USER, is a server, do not encrypt the authentica‐
tion token before updating.
ERRORS
PAM_SUCCESS Successfully obtains authentication token
PAM_SYSTEM_ERR Fails to get username, service name, old pass‐
word or new password, user name null or empty,
or password null.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
├─────────────────────────────┼─────────────────────────────┤
│MT Level │MT-Safe with exceptions │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOpam(3PAM), pam_authenticate(3PAM), pam_chauthtok(3PAM), syslog(3C),
libpam(3LIB), pam.conf(4), attributes(5), pam_authtok_check(5),
pam_authtok_get(5), pam_dhkeys(5), pam_passwd_auth(5),
pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
The pam_unix(5) module is no longer supported. Similar functionality is
provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth‐
tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5),
pam_unix_auth(5), and pam_unix_session(5).
If the PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any informa‐
tion, and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not
set, a service module performs its default action.
SunOS 5.10 26 Jan 2004 pam_authtok_store(5)