pam_sm_authenticate(3)pam_sm_authenticate(3)NAMEpam_sm_authenticate - Service provider implementation for pam_authenti‐
cate
SYNOPSIS
[ flag ... ] file ... [ library ... ]
DESCRIPTION
In response to a call to pam_authenticate(3), the PAM framework calls
from the modules listed in the pam.conf(4) file. The authentication
provider supplies the back-end functionality for this interface func‐
tion.
The function, is called to verify the identity of the current user.
The user is usually required to enter a password or similar authentica‐
tion token depending upon the authentication scheme configured within
the system. The user in question is specified by a prior call to and
is referenced by the authentication handle, pamh.
If the user is unknown to the authentication service, the service mod‐
ule should mask this error and continue to prompt the user for a pass‐
word. It should then return the error,
The following flag may be passed in to
The authentication service should not generate any messages.
The authentication service should return
if the user has a null authentication token.
The argc argument represents the number of module options passed in
from the configuration file pam.conf(4). argv specifies the module
options, which are interpreted and processed by the authentication ser‐
vice. Please refer to the specific module manual pages for the various
available options. If any unknown option is passed in, the module
should log the error and ignore the option.
Before returning, should call and retrieve If it has not been set
before (ie. the value is NULL), should set it to the password entered
by the user using
An authentication module may save the authentication status (success or
reason for failure) as state in the authentication handle using This
information is intended for use by
APPLICATION USAGE
Refer to pam(3) for information on thread-safety of PAM interfaces.
NOTES
Modules should not retry the authentication in the event of a failure.
Applications handle authentication retries and maintain the retry
count. To limit the number of retries, the module can return a error.
RETURN VALUES
Upon successful completion, must be returned. In addition, the follow‐
ing values may be returned:
Maximum number of authentication attempts exceeded.
Authentication failure.
Can not access authentication data due to insufficient credentials.
Underlying authentication service can not retrieve authentication
information.
User not known to underlying authentication module.
Ignore underlying authentication module regardless of whether the con‐
trol
flag is or
SEE ALSOpam(3), pam_authenticate(3), pam.conf(4), pam_user.conf(4).
pam_sm_authenticate(3)