| PAM_GET_AUTHTOK(3) | Library Functions Manual | PAM_GET_AUTHTOK(3) | 
pam_get_authtok —
#include <sys/types.h>
#include <security/pam_appl.h>
int
  
  pam_get_authtok(pam_handle_t
    *pamh, int item,
    const char **authtok,
    const char *prompt);
pam_get_authtok() function either prompts the user
  for an authentication token or retrieves a cached authentication token,
  depending on circumstances. Either way, a pointer to the authentication token
  is stored in the location pointed to by the authtok
  argument, and the corresponding PAM item is updated.
The item argument must have one of the following values:
PAM_AUTHTOKPAM_OLDAUTHTOKThe prompt argument specifies a prompt to
    use if no token is cached. If it is NULL, the
    PAM_AUTHTOK_PROMPT or
    PAM_OLDAUTHTOK_PROMPT item, as appropriate, will be
    used. If that item is also NULL, a hardcoded default
    prompt will be used. Additionally, when
    pam_get_authtok() is called from a service module,
    the prompt may be affected by module options as described below. The prompt
    is then expanded using
    openpam_subst(3) before
    it is passed to the conversation function.
If item is set to
    PAM_AUTHTOK and there is a non-null
    PAM_OLDAUTHTOK item,
    pam_get_authtok() will ask the user to confirm the
    new token by retyping it. If there is a mismatch,
    pam_get_authtok() will return
    PAM_TRY_AGAIN.
pam_get_authtok() will
  recognize the following module options:
authtok_promptPAM_AUTHTOK. This option overrides both the
      prompt argument and the
      PAM_AUTHTOK_PROMPT item.echo_passoldauthtok_promptPAM_OLDAUTHTOK. This option overrides both the
      prompt argument and the
      PAM_OLDAUTHTOK_PROMPT item.try_first_passpam_get_authtok() a second time.use_first_passPAM_AUTH_ERR if there is none.pam_get_authtok() function returns one of the
  following values:
PAM_SUCCESS]PAM_BAD_CONSTANT]PAM_BAD_ITEM]PAM_BUF_ERR]PAM_CONV_ERR]PAM_SYSTEM_ERR]PAM_TRY_AGAIN]pam_get_authtok() function is an OpenPAM extension.
pam_get_authtok() function and this manual page were
  developed for the FreeBSD Project by ThinkSec AS and
  Network Associates Laboratories, the Security Research Division of Network
  Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
  (“CBOSS”), as part of the DARPA CHATS research program.
The OpenPAM library is maintained by Dag-Erling Smørgrav <des@des.no>.
| April 30, 2017 | NetBSD 9.3 |