NAME
pam_authenticate —
perform authentication within the PAM
framework
SYNOPSIS
#include
<sys/types.h>
#include
<security/pam_appl.h>
int
pam_authenticate(pam_handle_t
*pamh, int
flags);
DESCRIPTION
Thepam_authenticate()
function attempts to authenticate the user associated with the pam context
specified by the pamh argument.
The application is free to call
pam_authenticate()
as many times as it wishes, but some modules may maintain an internal retry
counter and return PAM_MAXTRIES when it exceeds some
preset or hardcoded limit.
The flags argument is the binary or of zero or more of the following values:
PAM_SILENT- Do not emit any messages.
PAM_DISALLOW_NULL_AUTHTOK- Fail if the user's authentication token is null.
If any other bits are set,
pam_authenticate()
will return PAM_BAD_CONSTANT.
RETURN VALUES
The pam_authenticate() function returns
one of the following values:
- [
PAM_SUCCESS] - Success.
- [
PAM_ABORT] - General failure.
- [
PAM_AUTHINFO_UNAVAIL] - Authentication information is unavailable.
- [
PAM_AUTH_ERR] - Authentication error.
- [
PAM_BAD_CONSTANT] - Bad constant.
- [
PAM_BUF_ERR] - Memory buffer error.
- [
PAM_CONV_ERR] - Conversation failure.
- [
PAM_CRED_INSUFFICIENT] - Insufficient credentials.
- [
PAM_MAXTRIES] - Maximum number of tries exceeded.
- [
PAM_PERM_DENIED] - Permission denied.
- [
PAM_SERVICE_ERR] - Error in service module.
- [
PAM_SYSTEM_ERR] - System error.
- [
PAM_USER_UNKNOWN] - Unknown user.
SEE ALSO
STANDARDS
X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules, June 1997.
AUTHORS
The pam_authenticate() function and this
manual page were developed for the FreeBSD Project
by ThinkSec AS and Network Associates Laboratories, the Security Research
Division of Network Associates, Inc. under DARPA/SPAWAR contract
N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS
research program.
The OpenPAM library is maintained by Dag-Erling Smørgrav <des@des.no>.