Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #926
Difficulty: Medium
On 05:20:00 UTC on Saturday, 24 January 2065, the Unix time value will equal 4000000000 seconds.
True or False?
Linux & Unix Commands - Search Man Pages

pam_get_item(3) [netbsd man page]

PAM_GET_ITEM(3) 					   BSD Library Functions Manual 					   PAM_GET_ITEM(3)

NAME
pam_get_item -- get PAM information LIBRARY
Pluggable Authentication Module Library (libpam, -lpam) SYNOPSIS
#include <sys/types.h> #include <security/pam_appl.h> int pam_get_item(const pam_handle_t *pamh, int item_type, const void **item); DESCRIPTION
The pam_get_item function stores a pointer to the item specified by the item_type argument in the location pointed to by the item argument. The item is retrieved from the PAM context specified by the pamh argument. If pam_get_item fails, the item argument is untouched. The following item types are recognized: PAM_SERVICE The name of the requesting service. PAM_USER The name of the user the application is trying to authenticate. PAM_TTY The name of the current terminal. PAM_RHOST The name of the applicant's host. PAM_CONV A struct pam_conv describing the current conversation function. PAM_AUTHTOK The current authentication token. PAM_OLDAUTHTOK The expired authentication token. PAM_RUSER The name of the applicant. PAM_USER_PROMPT The prompt to use when asking the applicant for a user name to authenticate as. PAM_AUTHTOK_PROMPT The prompt to use when asking the applicant for an authentication token. PAM_OLDAUTHTOK_PROMPT The prompt to use when asking the applicant for an expired authentication token prior to changing it. PAM_HOST The name of the host the application runs on. PAM_SOCKADDR The sockaddr_storage of the applicants's host. PAM_NUSER The ``nested'' user if this is a login on top of a previous one. See pam_start(3) for a description of struct pam_conv. RETURN VALUES
The pam_get_item function returns one of the following values: [PAM_SYMBOL_ERR] Invalid symbol. [PAM_SYSTEM_ERR] System error. SEE ALSO
pam(3), pam_set_item(3), pam_start(3), pam_strerror(3) STANDARDS
X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules, June 1997. AUTHORS
The pam_get_item function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program. BSD
December 18, 2011 BSD

Check Out this Related Man Page

PAM_GET_AUTHTOK(3)					   BSD Library Functions Manual 					PAM_GET_AUTHTOK(3)

NAME
pam_get_authtok -- retrieve authentication token LIBRARY
Pluggable Authentication Module Library (libpam, -lpam) SYNOPSIS
#include <sys/types.h> #include <security/pam_appl.h> int pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok, const char *prompt); DESCRIPTION
The pam_get_authtok() function either prompts the user for an authentication token or retrieves a cached authentication token, depending on circumstances. Either way, a pointer to the authentication token is stored in the location pointed to by the authtok argument, and the cor- responding PAM item is updated. The item argument must have one of the following values: PAM_AUTHTOK Returns the current authentication token, or the new token when changing authentication tokens. PAM_OLDAUTHTOK Returns the previous authentication token when changing authentication tokens. The prompt argument specifies a prompt to use if no token is cached. If it is NULL, the PAM_AUTHTOK_PROMPT or PAM_OLDAUTHTOK_PROMPT item, as appropriate, will be used. If that item is also NULL, a hardcoded default prompt will be used. Additionally, when pam_get_authtok() is called from a service module, the prompt may be affected by module options as described below. The prompt is then expanded using openpam_subst(3) before it is passed to the conversation function. If item is set to PAM_AUTHTOK and there is a non-null PAM_OLDAUTHTOK item, pam_get_authtok() will ask the user to confirm the new token by retyping it. If there is a mismatch, pam_get_authtok() will return PAM_TRY_AGAIN. MODULE OPTIONS
When called by a service module, pam_get_authtok() will recognize the following module options: authtok_prompt Prompt to use when item is set to PAM_AUTHTOK. This option overrides both the prompt argument and the PAM_AUTHTOK_PROMPT item. echo_pass If the application's conversation function allows it, this lets the user see what they are typing. This should only be used for non-reusable authentication tokens. oldauthtok_prompt Prompt to use when item is set to PAM_OLDAUTHTOK. This option overrides both the prompt argument and the PAM_OLDAUTHTOK_PROMPT item. try_first_pass If the requested item is non-null, return it without prompting the user. Typically, the service module will verify the token, and if it does not match, clear the item before calling pam_get_authtok() a second time. use_first_pass Do not prompt the user at all; just return the cached value, or PAM_AUTH_ERR if there is none. RETURN VALUES
The pam_get_authtok() function returns one of the following values: [PAM_BUF_ERR] Memory buffer error. [PAM_CONV_ERR] Conversation failure. [PAM_SYSTEM_ERR] System error. [PAM_TRY_AGAIN] Try again. SEE ALSO
openpam_get_option(3), openpam_subst(3), pam(3), pam_conv(3), pam_get_item(3), pam_get_user(3), pam_strerror(3) STANDARDS
The pam_get_authtok() function is an OpenPAM extension. AUTHORS
The pam_get_authtok() function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laborato- ries, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program. The OpenPAM library is maintained by Dag-Erling Smorgrav <des@des.no>. BSD
September 12, 2014 BSD

Featured Tech Videos