PAM_AUTHTOK_STORE(7) Standards, Environments, and Macros PAM_AUTHTOK_STORE(7)

NAME


pam_authtok_store - password management module

SYNOPSIS


pam_authtok_store.so.1


DESCRIPTION


pam_authtok_store provides functionality to the PAM password management
stack. It provides one function: pam_sm_chauthtok().


When invoked with flags set to PAM_UPDATE_AUTHTOK, this module updates
the authentication token for the user specified by PAM_USER.


The authentication token PAM_OLDAUTHTOK can be used to authenticate the
user against repositories that need updating (NIS, LDAP). After
successful updates, the new authentication token stored in PAM_AUTHTOK is
the user's valid password.


This module honors the PAM_REPOSITORY item, which, if set, specifies
which repository is to be updated. If PAM_REPOSITORY is unset, it follows
the nsswitch.conf(5).


The following option can be passed to the module:

debug
syslog(3C) debugging information at the LOG_DEBUG level


server_policy
If the account authority for the user, as specified by
PAM_USER, is a server, do not encrypt the authentication
token before updating.


ERRORS


PAM_SUCCESS
Successfully obtains authentication token


PAM_SYSTEM_ERR
Fails to get username, service name, old password or
new password, user name null or empty, or password
null.


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+

SEE ALSO


syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM),
pam_chauthtok(3PAM), pam.conf(5), attributes(7), pam_authtok_check(7),
pam_authtok_get(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7)

NOTES


The interfaces in libpam(3LIB) are MT-Safe only if each thread within the
multi-threaded application uses its own PAM handle.


The pam_unix(7) module is no longer supported. Similar functionality is
provided by pam_authtok_check(7), pam_authtok_get(7),
pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), and pam_unix_session(7).


If the PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any information,
and returns PAM_IGNORE. If the PAM_REPOSITORY item_type is not set, a
service module performs its default action.

January 26, 2004 PAM_AUTHTOK_STORE(7)