diff options
Diffstat (limited to 'doc/man/pam_sm_chauthtok.3.xml')
-rw-r--r-- | doc/man/pam_sm_chauthtok.3.xml | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml index c36a0baf..40ab191e 100644 --- a/doc/man/pam_sm_chauthtok.3.xml +++ b/doc/man/pam_sm_chauthtok.3.xml @@ -40,7 +40,7 @@ </citerefentry> interface. </para> <para> - This function is used to (re-)set the authentication token of the user. + This function is used to (re-)set the authentication token of the user. </para> <para> Valid flags, which may be logically OR'd with @@ -60,10 +60,10 @@ <listitem> <para> This argument indicates to the module that the users - authentication token (password) should only be changed if - it has expired. This flag is optional and - <emphasis>must</emphasis> be combined with one of the - following two flags. Note, however, the following two options + authentication token (password) should only be changed if + it has expired. This flag is optional and + <emphasis>must</emphasis> be combined with one of the + following two flags. Note, however, the following two options are <emphasis>mutually exclusive</emphasis>. </para> </listitem> @@ -72,15 +72,20 @@ <term>PAM_PRELIM_CHECK</term> <listitem> <para> - This indicates that the modules are being probed as to - their ready status for altering the user's authentication - token. If the module requires access to another system over - some network it should attempt to verify it can connect to - this system on receiving this flag. If a module cannot establish - it is ready to update the user's authentication token it should + This indicates that the modules are being probed as to + their ready status for altering the user's authentication + token. If the module requires access to another system over + some network it should attempt to verify it can connect to + this system on receiving this flag. If a module cannot establish + it is ready to update the user's authentication token it should return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this information will be passed back to the application. </para> + <para> + If the control value <emphasis>sufficient</emphasis> is used in + the password stack, the <emphasis>PAM_PRELIM_CHECK</emphasis> section + of the modules following that control value is not always executed. + </para> </listitem> </varlistentry> <varlistentry> @@ -89,18 +94,18 @@ <para> This informs the module that this is the call it should change the authorization tokens. If the flag is logically OR'd with - <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the + <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the token is only changed if it has actually expired. </para> </listitem> </varlistentry> </variablelist> <para> - The PAM library calls this function twice in succession. The first - time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then, - if the module does not return + The PAM library calls this function twice in succession. The first + time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then, + if the module does not return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with - <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on + <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on the second call that the authorization token is (possibly) changed. </para> </refsect1> |