*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> pam_sm_authenticate (3)              


 pam_sm_authenticate(3)                               pam_sm_authenticate(3)

 NAME    [Toc]    [Back]
      pam_sm_authenticate - Service provider implementation for

 SYNOPSIS    [Toc]    [Back]
      cc [ flag ... ] file ...  -lpam [ library ... ]

      #include <security/pam_appl.h>

      #include <security/pam_modules.h>

      int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
           const char **argv);

 DESCRIPTION    [Toc]    [Back]
      In response to a call to pam_authenticate(3), the PAM framework calls
      pam_sm_authenticate() from the modules listed in the pam.conf(4) file.
      The authentication provider supplies the back-end functionality for
      this interface function.

      The function, pam_sm_authenticate(), is called to verify the identity
      of the current user.  The user is usually required to enter a password
      or similar authentication token depending upon the authentication
      scheme configured within the system.  The user in question is
      specified by a prior call to pam_start(), and is referenced by the
      authentication handle, pamh.

      If the user is unknown to the authentication service, the service
      module should mask this error and continue to prompt the user for a
      password.  It should then return the error, PAM_USER_UNKNOWN.

      The following flag may be passed in to pam_sm_authenticate():

      PAM_SILENT    [Toc]    [Back]
           The authentication service should not generate any messages.

      PAM_DISALLOW_NULL_AUTHTOK    [Toc]    [Back]
           The authentication service should return PAM_AUTH_ERROR if the
           user has a null authentication token.

      The argc argument represents the number of module options passed in
      from the configuration file pam.conf(4).  argv specifies the module
      options, which are interpreted and processed by the authentication
      service.  Please refer to the specific module manual pages for the
      various available options. If any unknown option is passed in, the
      module should log the error and ignore the option.

      Before returning, pam_sm_authenticate() should call pam_get_item() and
      retrieve PAM_AUTHTOK.  If it has not been set before (ie. the value is
      NULL), pam_sm_authenticate() should set it to the password entered by
      the user using pam_set_item().

 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003

 pam_sm_authenticate(3)                               pam_sm_authenticate(3)

      An authentication module may save the authentication status (success
      or reason for failure) as state in the authentication handle using
      pam_set_data().  This information is intended for use by

 APPLICATION USAGE    [Toc]    [Back]
      Refer to pam(3) for information on thread-safety of PAM interfaces.

 NOTES    [Toc]    [Back]
      Modules should not retry the authentication in the event of a failure.
      Applications handle authentication retries and maintain the retry
      count.  To limit the number of retries, the module can return a
      PAM_MAXTRIES error.

 RETURN VALUES    [Toc]    [Back]
      Upon successful completion, PAM_SUCCESS must be returned.  In
      addition, the following values may be returned:

      PAM_MAXTRIES                 Maximum number of authentication attempts

      PAM_AUTH_ERR                 Authentication failure.

      PAM_CRED_INSUFFICIENT        Can not access authentication data due to
                                   insufficient credentials.

      PAM_AUTHINFO_UNAVAIL         Underlying authentication service can not
                                   retrieve authentication information.

      PAM_USER_UNKNOWN             User not known to underlying
                                   authentication module.

      PAM_IGNORE                   Ignore underlying authentication module
                                   regardless of whether the control flag is
                                   required, optional or sufficient.

 SEE ALSO    [Toc]    [Back]
      pam(3), pam_authenticate(3), pam.conf(4), pam_user.conf(4).

 Hewlett-Packard Company            - 2 -   HP-UX 11i Version 2: August 2003
[ Back ]
 Similar pages
Name OS Title
pam_sm_authenticate FreeBSD service module implementation for pam_authenticate
pam_sm_chauthtok HP-UX Service provider implementation for pam_chauthtok
pam_sm_setcred HP-UX Service provider implementation for pam_setcred
pam_sm_acct_mgmt HP-UX Service provider implementation for pam_acct_mgmt
pam_sm_close_session HP-UX Service provider implementation for pam_open_session and pam_close_session respectively
pam_sm_open_session HP-UX Service provider implementation for pam_open_session and pam_close_session respectively
setspinfo IRIX set service provider information
getspinfo IRIX get service provider information
CSSM_SPI_ModuleAttach Tru64 Attach a service provider module(CDSA)
CSSM_ModuleDetach Tru64 Detach application from service provider module (CDSA)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service