diff options
author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-19 15:38:33 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-19 15:38:33 +0000 |
commit | 128e2a7f40a53552dae57269aa36dc5926144329 (patch) | |
tree | 8c26177c2f734af486404d057df36e9ac2f25752 /doc/man/pam_sm_chauthtok.3.xml | |
parent | 398000908bf00d06dc32ef4b605e3f437fdc6744 (diff) |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam.8.xml: Syntax cleanup.
* doc/pam/PAM.8: Regenerated from xml source.
* man/pam_sm_chauthtok.3: New.
* man/pam_sm_chauthtok.3.xml: New.
* man/pam_sm_close_session.3: New.
* man/pam_sm_close_session.3.xml: New.
* man/pam_sm_open_session.3: New.
* man/pam_sm_open_session.3.xml: New.
* man/pam_sm_authenticate.3: New.
* man/pam_sm_authenticate.3.xml: New.
* man/pam_sm_setcred.3: New.
* man/pam_sm_setcred.3.xml: New.
* man/Makefile.am: Add new pam_sm_* manual pages.
* specs/Makefile.am: Fix rule to generate draft.
Diffstat (limited to 'doc/man/pam_sm_chauthtok.3.xml')
-rw-r--r-- | doc/man/pam_sm_chauthtok.3.xml | 200 |
1 files changed, 200 insertions, 0 deletions
diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml new file mode 100644 index 00000000..4d2bd3fe --- /dev/null +++ b/doc/man/pam_sm_chauthtok.3.xml @@ -0,0 +1,200 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_chauthtok'> + <refmeta> + <refentrytitle>pam_sm_chauthtok</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_chauthtok-name"> + <refname>pam_sm_chauthtok</refname> + <refpurpose>PAM service function for account management</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv id='pam_sm_chauthtok-synopsis'> + <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_PASSWORD</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_chauthtok</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_chauthtok-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_chauthtok</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function is used to (re-)set the authentication token of the user. + </para> + <para> + Valid flags, which may be logically OR'd with + <emphasis>PAM_SILENT</emphasis>, are: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CHANGE_EXPIRED_AUTHTOK</term> + <listitem> + <para> + This argument indicates to the module that the users + authentication token (password) should only be changed if + it has expired. This flag is optional and + <emphasis>must</emphasis> be combined with one of the + following two flags. Note, however, the following two options + are <emphasis>mutually exclusive</emphasis>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PRELIM_CHECK</term> + <listitem> + <para> + This indicates that the modules are being probed as to + their ready status for altering the user's authentication + token. If the module requires access to another system over + some network it should attempt to verify it can connect to + this system on receiving this flag. If a module cannot establish + it is ready to update the user's authentication token it should + return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this + information will be passed back to the application. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_UPDATE_AUTHTOK</term> + <listitem> + <para> + This informs the module that this is the call it should change + the authorization tokens. If the flag is logically OR'd with + <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the + token is only changed if it has actually expired. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + The PAM library calls this function twice in succession. The first + time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then, + if the module does not return + <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with + <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on + the second call that the authorization token is (possibly) changed. + </para> + </refsect1> + + <refsect1 id="pam_sm_chauthtok-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_AUTHTOK_ERR</term> + <listitem> + <para> + The module was unable to obtain the new authentication token. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_RECOVERY_ERR</term> + <listitem> + <para> + The module was unable to obtain the old authentication token. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_LOCK_BUSY</term> + <listitem> + <para> + Cannot change the authentication token since it is currently + locked. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_DISABLE_AGING</term> + <listitem> + <para> + Authentication token aging has been disabled. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PERM_DENIED</term> + <listitem> + <para> + Permission denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_TRY_AGAIN</term> + <listitem> + <para> + Preliminary check was unsuccessful. Signals an immediate + return to the application is desired. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The authentication token was successfully updated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User unknown to password service. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_sm_chauthtok-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> |