NAME
pam_authenticate
- perform authentication within the PAM framework
LIBRARY
SYNOPSIS
int
pam_authenticate(pam_handle_t *pamh, int flags)
DESCRIPTION
The
pam_authenticate
function attempts to authenticate the user
associated with the pam context specified by the
pamh
argument.
The application is free to call
pam_authenticate
as many times as it
wishes, but some modules may maintain an internal retry counter and
return
PAM_MAXTRIES
when it exceeds some preset or hardcoded limit.
The
flags
argument is the binary or of zero or more of the following
values:
PAM_SILENT-
Do not emit any messages.
PAM_DISALLOW_NULL_AUTHTOK-
Fail if the user's authentication token is null.
If any other bits are set,
pam_authenticate
will return
PAM_SYMBOL_ERR.
RETURN VALUES
The
pam_authenticate
function returns one of the following values:
- [
PAM_ABORT] -
General failure.
- [
PAM_AUTHINFO_UNAVAIL] -
Authentication information is unavailable.
- [
PAM_AUTH_ERR] -
Authentication error.
- [
PAM_BUF_ERR] -
Memory buffer error.
- [
PAM_CONV_ERR] -
Conversation failure.
- [
PAM_CRED_INSUFFICIENT] -
Insufficient credentials.
- [
PAM_MAXTRIES] -
Maximum number of tries exceeded.
- [
PAM_PERM_DENIED] -
Permission denied.
- [
PAM_SERVICE_ERR] -
Error in service module.
- [
PAM_SYMBOL_ERR] -
Invalid symbol.
- [
PAM_SYSTEM_ERR] -
System error.
- [
PAM_USER_UNKNOWN] -
Unknown user.
SEE ALSO
pam(3),
pam_strerror(3)
STANDARDS
AUTHORS
The
pam_authenticate
function and this manual page were developed for the
FreeBSD
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc. under
DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''),
as part of the DARPA CHATS research program.