NAME
pam_passwd_auth − authentication module for password
SYNOPSIS
pam_passwd_auth.so.1
DESCRIPTION
pam_passwd_auth provides authentication functionality to the password service as implemented by passwd(1). It differs from the standard PAM authentication modules in its prompting behavior.
The name of the user whose password attributes are to be updated must be present in the PAM_USER item. This can be accomplished due to a previous call to pam_start(3PAM), or explicitly set by pam_set_item(3PAM). Based on the current user-id and the repository that is to by updated, the module determines whether a password is necessary for a successful update of the password repository, and if so, which password is required.
The following option can be passed to the module:
|
debug |
syslog(3C) debugging information at the LOG_DEBUG level |
nowarn
Turn off warning messages
RETURN VALUES
The following
values are returned:
PAM_SUCCESS
Successfully obtains authentication token
PAM_SYSTEM_ERR
System error
PAM_BUF_ERR
Memory buffer error
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
SEE ALSO
passwd(1), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam_set_item(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
This module relies on the value of the current real UID, this module is only safe for MT-applications that don’t change UIDs during the call to pam_authenticate(3PAM).
The pam_unix(5) module might not be supported in a future release. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).