'\" t
.\"     Title: pam_chauthtok
.\"    Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
.\"      Date: 05/07/2023
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM
.\"  Language: English
.\"
.TH "PAM_CHAUTHTOK" "3" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_chauthtok \- updating authentication tokens
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_chauthtok('u
.BI "int pam_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_chauthtok\fR
function is used to change the authentication token for a given user (as indicated by the state associated with the handle
\fIpamh\fR)\&.
.PP
The
\fIpamh\fR
argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.PP
PAM_CHANGE_EXPIRED_AUTHTOK
.RS 4
This argument indicates to the modules that the user\*(Aqs authentication token (password) should only be changed if it has expired\&. If this argument is not passed, the application requires that all authentication tokens are to be changed\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_AUTHTOK_ERR
.RS 4
A module was unable to obtain the new authentication token\&.
.RE
.PP
PAM_AUTHTOK_RECOVERY_ERR
.RS 4
A module was unable to obtain the old authentication token\&.
.RE
.PP
PAM_AUTHTOK_LOCK_BUSY
.RS 4
One or more of the modules was unable to change the authentication token since it is currently locked\&.
.RE
.PP
PAM_AUTHTOK_DISABLE_AGING
.RS 4
Authentication token aging has been disabled for at least one of the modules\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
The authentication token was successfully updated\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
Not all of the modules were in a position to update the authentication token(s)\&. In such a case none of the user\*(Aqs authentication tokens are updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_start\fR(3),
\fBpam_authenticate\fR(3),
\fBpam_setcred\fR(3),
\fBpam_get_item\fR(3),
\fBpam_strerror\fR(3),
\fBpam\fR(7)