pam_sm_authenticate.3 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

pam_sm_authenticate(3) pam_sm_authenticate(3)

NAME

pam_sm_authenticate - Service provider implementation for pam_authenticate

SYNOPSIS

cc [ ﬂag ... ] ﬁle ...

-lpam [ library ... ]

#include <security/pam_appl.h>

#include <security/pam_modules.h>

int pam_sm_authenticate(pam_handle_t *

pamh, int ﬂags, int argc

const char **

argv);

DESCRIPTION

In response to a call to pam_authenticate(3), the PAM framework calls

pam_sm_authenticate()

from the modules listed in the pam.conf (4) ﬁle. The authentication provider supplies the back-end func-

tionality for this interface function.

The function,

pam_sm_authenticate()

, is called to verify the identity of the current user. The user

is usually required to enter a password or similar authentication token depending upon the authentica-

tion scheme conﬁgured within the system. The user in question is speciﬁed by a prior call to

pam_start(), and is referenced by the authentication handle, pamh.

If the user is unknown to the authentication service, the service module should mask this error and con-

tinue to prompt the user for a password. It should then return the error,

PAM_USER_UNKNOWN

The following ﬂag may be passed in to

pam_sm_authenticate()

PAM_SILENT

The authentication service should not generate any messages.

PAM_DISALLOW_NULL_AUTHTOK

The authentication service should return

PAM_AUTH_ERROR if the user has a null authentication

token.

The argc argument represents the number of module options passed in from the conﬁguration ﬁle

pam.conf (4). argv speciﬁes the module options, which are interpreted and processed by the authentica-

tion service. Please refer to the speciﬁc module manual pages for the various available options. If any

unknown option is passed in, the module should log the error and ignore the option.

Before returning,

pam_sm_authenticate()

should call pam_get_item() and retrieve

PAM_AUTHTOK. If it has not been set before (ie. the value is NULL), pam_sm_authenticate()

should set it to the password entered by the user using pam_set_item()

An authentication module may save the authentication status (success or reason for failure) as state in

the authentication handle using

pam_set_data(). This information is intended for use by

pam_setcred().

APPLICATION USAGE

Refer to pam(3) for information on thread-safety of PAM interfaces.

NOTES

Modules should not retry the authentication in the event of a failure. Applications handle authentication

retries and maintain the retry count. To limit the number of retries, the module can return a

PAM_MAXTRIES error.

RETURN VALUES

Upon successful completion,

PAM_SUCCESS must be returned. In addition, the following values may be

returned:

PAM_MAXTRIES Maximum number of authentication attempts exceeded.

PAM_AUTH_ERR Authentication failure.

PAM_CRED_INSUFFICIENT Can not access authentication data due to insufﬁcient credentials.

PAM_AUTHINFO_UNAVAIL Underlying authentication service can not retrieve authentication infor-

mation.

PAM_USER_UNKNOWN User not known to underlying authentication module.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
pam_sm_authenticate(3) pam_sm_authenticate(3) NAME pam_sm_authenticate - Service provider implementation for pam_authenticate SYNOPSIS cc [ flag . . . ] file . . . -lpam [ library . . . ] #include #include int pam_sm_authenticate(pam_handle_t *pamh , int flags , int argc , const char **argv ); DESCRIPTION In response to a call to pam_authenticate(3), the PAM framework calls pam_sm_authenticate() from the modules listed in the pam.conf (4) file.
PAGE 2
pam_sm_authenticate(3) PAM_IGNORE pam_sm_authenticate(3) Ignore underlying authentication module regardless of whether the control flag is required, optional or sufficient. SEE ALSO pam(3), pam_authenticate(3), pam.conf(4), pam_user.conf(4).