NAME
pam_authenticate —
perform
authentication within the PAM framework
SYNOPSIS
#include <sys/types.h>
#include <security/pam_appl.h>
int
pam_authenticate(
pam_handle_t
*pamh,
int flags);
DESCRIPTION
The
pam_authenticate() function attempts to authenticate the
user associated with the pam context specified by the
pamh argument.
The application is free to call
pam_authenticate() as many
times as it wishes, but some modules may maintain an internal retry counter
and return
PAM_MAXTRIES
when it exceeds some preset or
hardcoded limit.
The
flags argument is the binary or of zero or more of the
following values:
-
-
PAM_SILENT
- Do not emit any messages.
-
-
PAM_DISALLOW_NULL_AUTHTOK
- Fail if the user's authentication token is null.
If any other bits are set,
pam_authenticate() will return
PAM_BAD_CONSTANT
.
RETURN VALUES
The
pam_authenticate() function returns one of the following
values:
-
-
- [
PAM_SUCCESS
]
- Success.
-
-
- [
PAM_ABORT
]
- General failure.
-
-
- [
PAM_AUTHINFO_UNAVAIL
]
- Authentication information is unavailable.
-
-
- [
PAM_AUTH_ERR
]
- Authentication error.
-
-
- [
PAM_BAD_CONSTANT
]
- Bad constant.
-
-
- [
PAM_BUF_ERR
]
- Memory buffer error.
-
-
- [
PAM_CONV_ERR
]
- Conversation failure.
-
-
- [
PAM_CRED_INSUFFICIENT
]
- Insufficient credentials.
-
-
- [
PAM_MAXTRIES
]
- Maximum number of tries exceeded.
-
-
- [
PAM_PERM_DENIED
]
- Permission denied.
-
-
- [
PAM_SERVICE_ERR
]
- Error in service module.
-
-
- [
PAM_SYSTEM_ERR
]
- System error.
-
-
- [
PAM_USER_UNKNOWN
]
- Unknown user.
SEE ALSO
pam(3),
pam_strerror(3)
STANDARDS
X/Open Single Sign-On Service (XSSO) -
Pluggable Authentication Modules, June
1997.
AUTHORS
The
pam_authenticate() function and this manual page were
developed for the
FreeBSD Project by ThinkSec AS and
Network Associates Laboratories, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(“CBOSS”), as part of the DARPA CHATS research program.
The OpenPAM library is maintained by
Dag-Erling
Smørgrav
<
des@des.no>.