PAM_AUTHTOK_STORE(7) Standards, Environments, and Macros PAM_AUTHTOK_STORE(7)
NAME
pam_authtok_store - password management module
SYNOPSIS
pam_authtok_store.so.1DESCRIPTION
pam_authtok_store provides functionality to the PAM password management
stack. It provides one function:
pam_sm_chauthtok().
When invoked with flags set to
PAM_UPDATE_AUTHTOK, this module updates
the authentication token for the user specified by
PAM_USER.
The authentication token
PAM_OLDAUTHTOK can be used to authenticate the
user against repositories that need updating (
NIS,
LDAP). After
successful updates, the new authentication token stored in
PAM_AUTHTOK is
the user's valid password.
This module honors the
PAM_REPOSITORY item, which, if set, specifies
which repository is to be updated. If
PAM_REPOSITORY is unset, it follows
the
nsswitch.conf(5).
The following option can be passed to the module:
debug syslog(3C) debugging information at the
LOG_DEBUG level
server_policy If the account authority for the user, as specified by
PAM_USER, is a server, do not encrypt the authentication
token before updating.
ERRORS
PAM_SUCCESS Successfully obtains authentication token
PAM_SYSTEM_ERR Fails to get username, service name, old password or
new password, user name null or empty, or password
null.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+
SEE ALSO
syslog(3C),
libpam(3LIB),
pam(3PAM),
pam_authenticate(3PAM),
pam_chauthtok(3PAM),
pam.conf(5),
attributes(7),
pam_authtok_check(7),
pam_authtok_get(7),
pam_dhkeys(7),
pam_passwd_auth(7),
pam_unix_account(7),
pam_unix_auth(7),
pam_unix_session(7)NOTES
The interfaces in
libpam(3LIB) are MT-Safe only if each thread within the
multi-threaded application uses its own
PAM handle.
The
pam_unix(7) module is no longer supported. Similar functionality is
provided by
pam_authtok_check(7),
pam_authtok_get(7),
pam_authtok_store(7),
pam_dhkeys(7),
pam_passwd_auth(7),
pam_unix_account(7),
pam_unix_auth(7), and
pam_unix_session(7).
If the
PAM_REPOSITORY item_type is set and a service module does not
recognize the type, the service module does not process any information,
and returns
PAM_IGNORE. If the
PAM_REPOSITORY item_type is not set, a
service module performs its default action.
January 26, 2004
PAM_AUTHTOK_STORE(7)