pam_otpw(8) [debian man page]

PAMOTPW(8)						      System Manager's Manual							PAMOTPW(8)

NAME
pam_otpw - verify one-time passwords

SYNOPSIS
pam_otpw [ arguments ]

DESCRIPTION
OTPW is a one-time password authentication system. It compares entered passwords with hash values stored in the user's home directory in the file ~/.otpw. Once a password has been entered correctly, its hash value in ~/.otpw is overwritten with hyphens, which disables its use in future authentication. A lock file ~/.otpw.lock prevents the same password challenge from being issued in several concurrent authentication sessions. This helps to prevent an eavesdropper from copying a one-time password as it is entered instantly into a second session, in the hope of gaining access by sending the final newline character faster than the user could.

Both an authentication management and a session management function are offered by this module. The authentication function asks for and verifies one-time passwords. The session function prints a message after login that reminds the user of the remaining number of one-time passwords.

ARGUMENTS
debug   Turn on debugging via syslog(3).
nolock  Disable locking. This option tells the authentication function of pam_otpw.so to ignore any existing ~/.otpw.lock lock file and not to generate any. With this option, pam_otpw.so will never ask for several passwords simultaneously.

AUTHOR
The OTPW package, which includes the otpw-gen program, has been developed by Markus Kuhn. The most recent version is available from <http://www.cl.cam.ac.uk/~mgk25/otpw.html>.

SEE ALSO
otpw-gen(1), pam(8)

2003-09-30 PAMOTPW(8)
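
The burn-after-use and lock-file behaviour described under DESCRIPTION, as an added example (not code from the OTPW package): a simplified Python model of the two mechanisms. The file layout, the truncated SHA-256 digest and all function names are assumptions for illustration and do not reproduce the real ~/.otpw format.

```python
import hashlib, hmac, os

def _digest(password):
    # Assumption: truncated SHA-256 stands in for OTPW's real hash function.
    return hashlib.sha256(password.encode()).hexdigest()[:12]

def write_store(path, passwords):
    # Constructed layout: 3-digit challenge number followed by the digest.
    with open(path, "w") as f:
        f.writelines(f"{i:03d}{_digest(pw)}\n" for i, pw in enumerate(passwords))

def remaining(path):
    # What a session function would report: entries not yet overwritten.
    with open(path) as f:
        return sum(1 for line in f if not line.startswith("-"))

def begin_challenge(path):
    lock = path + ".lock"
    try:
        # O_EXCL makes creation atomic: only one session can own a challenge.
        fd = os.open(lock, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return None  # a concurrent session already holds the challenge
    with open(path) as f:
        unused = [line[:3] for line in f if not line.startswith("-")]
    if unused:
        os.write(fd, unused[0].encode())  # record which challenge is locked
    os.close(fd)
    if not unused:
        os.unlink(lock)
        return None  # every password has been used
    return unused[0]

def verify(path, challenge, password):
    lock = path + ".lock"
    if not os.path.exists(lock):
        return False  # no open session owns any challenge (blocks replays)
    with open(lock) as f:
        if f.read() != challenge:
            return False  # the lock belongs to a different challenge
    with open(path) as f:
        lines = f.read().splitlines()
    ok = False
    for i, line in enumerate(lines):
        if line[:3] == challenge and hmac.compare_digest(line[3:], _digest(password)):
            lines[i] = "-" * len(line)  # burn the entry so it can never match again
            ok = True
    with open(path, "w") as f:
        f.write("\n".join(lines) + "\n")
    os.unlink(lock)  # release the lock whether or not the password matched
    return ok
```
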

Check Out this Related Man Page

pam_chauthtok(3)					     Library Functions Manual						  pam_chauthtok(3)

NAME
pam_chauthtok - perform password related functions within the PAM framework

SYNOPSIS
[ flag ... ] file ... [ library ... ]

DESCRIPTION
is called to change the authentication token associated with a particular user referenced by the authentication handle, pamh. The following flag may be passed in to The password service should not generate any messages. The password service should only update those passwords that have aged. If this flag is not passed, all password services should update their passwords.

Upon successful completion of the call, the authentication token of the user will be changed in accordance with the password service configured in the system through pam.conf(4).

Notes
The flag is typically used by a application which has determined that the user's password has aged or expired. Before allowing the user to login, the application may invoke with this flag to allow the user to update the password. Typically applications such as passwd(1) should not use this flag.

performs a preliminary check before attempting to update passwords. This check is performed for each password module in the stack as listed in pam.conf(4). The check may include pinging remote name services to determine if they are available. If returns then the check has failed, and passwords are not updated.

APPLICATION USAGE
Refer to pam(3) for information on thread-safety of PAM interfaces.

RETURN VALUE
Upon successful completion, is returned. In addition to the error return values described in pam(3), the following values may be returned:
No permission.
Authentication token manipulation error.
Authentication information cannot be recovered.
Authentication token lock busy.
Authentication token aging disabled.
User unknown to password service.
Preliminary check by password service failed.

SEE ALSO
pam(3), pam_start(3), pam_authenticate(3).

pam_chauthtok(3)