Hallo, dies ist ein Test.

PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html

Running in File Mode
Relative path: ./../../../../../../usr/man/man7/pam_authtok_get.7
Real path: /usr/share/man/man7/pam_authtok_get.7
Zurück

'\" te
.\" Copyright (c) 2003, 2023, Oracle and/or its affiliates.
.TH pam_authtok_get 7 "12 Sep 2023" "Oracle Solaris 11.4" "Standards, Environments, Macros, Character Sets, and miscellany"
.SH NAME
pam_authtok_get \- authentication and password management module
.SH SYNOPSIS

.LP
.nf
\fBpam_authtok_get.so.1\fR [\fBdebug\fR]
.fi
.SH DESCRIPTION
.sp
.LP
The \fBpam_authtok_get\fR service module provides password prompting functionality to the \fBPAM\fR stack. It implements \fBpam_sm_authenticate\fR(3PAM) and \fBpam_sm_chauthtok\fR(3PAM), providing functionality to both the Authentication stack and the Password Management stack.
.SS "Authentication Service"
.sp
.LP
The implementation of \fBpam_sm_authenticate\fR(3PAM) prompts for the user name if not set and then tries to get the authentication token from the pam handle. If the token is not set, it then prompts the user for a password and stores it in the \fBPAM\fR item \fBPAM_AUTHTOK\fR. This module is meant to be the first module on an authentication stack where users are to authenticate using a keyboard.
.SS "Password Management Service"
.sp
.LP
Due to the nature of the PAM Password Management stack traversal mechanism, the \fBpam_sm_chauthtok\fR(3PAM) function is called twice. Once with the \fBPAM_PRELIM_CHECK\fR flag, and once with the \fBPAM_UPDATE_AUTHTOK\fR flag.
.sp
.LP
In the first (\fBPRELIM\fR) invocation, the implementation of \fBpam_sm_chauthtok\fR(3PAM) moves the contents of the \fBPAM_AUTHTOK\fR (current authentication token) to \fBPAM_OLDAUTHTOK\fR, and then prompts the user for a new password. This new password is stored in \fBPAM_AUTHTOK\fR.
.sp
.LP
If a previous module has set \fBPAM_OLDAUTHTOK\fR prior to the invocation of pam_authtok_get, this module turns into a \fBNO-OP\fR and immediately returns \fBPAM_SUCCESS\fR.
.sp
.LP
In the second (\fBUPDATE\fR) invocation, the user is prompted to re-enter password. The \fBpam_sm_chauthtok\fR implementation verifies this re-entered password with the password stored in \fBPAM_AUTHTOK\fR. If the passwords match, the module returns \fBPAM_SUCCESS\fR.
.sp
.LP
The following option can be passed to the module:
.sp
.ne 2
.mk
.na
\fBdebug\fR
.ad
.RS 9n
.rt
\fBsyslog\fR(3C) debugging information at the \fBLOG_DEBUG\fR level
.RE

.SH RETURN VALUES
.sp
.LP
The authentication service returns the following values:
.sp
.ne 2
.mk
.na
\fB\fBPAM_SUCCESS\fR\fR
.ad
.RS 18n
.rt
Successfully obtains authentication token
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_SYSTEM_ERR\fR\fR
.ad
.RS 18n
.rt
Fails to retrieve username, username is \fBNULL\fR or empty
.RE

.sp
.LP
The password management service returns the following values:
.sp
.ne 2
.mk
.na
\fB\fBPAM_SUCCESS\fR\fR
.ad
.RS 19n
.rt
Successfully obtains authentication token
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_AUTHTOK_ERR\fR\fR
.ad
.RS 19n
.rt
Authentication token manipulation error
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(7) for descriptions of the following attributes:
.sp
.TS
tab(
) box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPE
ATTRIBUTE VALUE
_
Availability
system/library/pam-core
_
Interface Stability
Committed
.TE
.sp
.SH SEE ALSO
.sp
.LP
\fBsyslog\fR(3C), \fBlibpam\fR(3LIB), \fBpam\fR(3PAM), \fBpam_authenticate\fR(3PAM), \fBpam_sm_authenticate\fR(3PAM), \fBpam_sm_chauthtok\fR(3PAM), \fBpam.conf\fR(5), \fBattributes\fR(7), \fBpam_authtok_check\fR(7), \fBpam_authtok_store\fR(7), \fBpam_dhkeys\fR(7), \fBpam_passwd_auth\fR(7), \fBpam_unix_account\fR(7), \fBpam_unix_auth\fR(7), \fBpam_unix_session\fR(7)
.SH HISTORY
.sp
.LP
The \fBpam_authtok_get\fR module was introduced in Solaris 9, and later backported to patches for Solaris 8. This included support for the \fBdebug\fR option. Prior to that, this work was performed in the \fBpam_unix\fR module.