1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id$
.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
.TH PAM_CHAUTHTOK 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual"
.SH NAME
pam_chauthtok \- updating authentication tokens
.SH SYNOPSIS
.B #include <security/pam_appl.h>
.sp
.BI "int pam_chauthtok(pam_handle_t " *pamh ", int " flags ");"
.sp 2
.SH DESCRIPTION
.B pam_chauthtok
.br
Use this function to rejuvenate the authentication tokens (passwords
etc.) of an applicant user.
.br
Note, the application should not pre-authenticate the user, as this is
performed (if required) by the
.BR Linux-PAM
framework.
.br
The
.I flags
argument can
.I optionally
take the value,
.BR PAM_CHANGE_EXPIRED_AUTHTOK "."
In such cases the framework is only required to update those
authentication tokens that have expired. Without this argument, the
framework will attempt to obtain new tokens for all configured
authentication mechanisms. The details of the types and number of such
schemes should not concern the calling application.
.SH RETURN VALUE
A successful return from this function will be indicated with
.BR PAM_SUCCESS "."
.br
Specific errors of special interest when calling this function are
.br
.BR PAM_AUTHTOK_ERROR
- a valid new token was not obtained
.br
.BR PAM_AUTHTOK_RECOVERY_ERR
- old authentication token was not available
.br
.BR PAM_AUTHTOK_LOCK_BUSY
- a resource needed to update the token was locked (try again later)
.br
.BR PAM_AUTHTOK_DISABLE_AGING
- one or more of the authentication modules does not honor
authentication token aging
.br
.BR PAM_TRY_AGAIN
- one or more authentication mechanism is not prepared to update a
token at this time
.br
In general other return values may be returned. They should be treated
as indicating failure.
.SH ERRORS
May be translated to text with
.BR pam_strerror "(3). "
.SH "CONFORMING TO"
DCE-RFC 86.0, October 1995.
.SH BUGS
.sp 2
none known.
.SH "SEE ALSO"
.BR pam_start "(3), "
.BR pam_authenticate "(3), "
.BR pam_setcred "(3), "
.BR pam_get_item "(3), "
.BR pam_strerror "(3) "
and
.BR pam "(8)."
.br
Also, see the three
.BR Linux-PAM
Guides, for
.BR "System administrators" ", "
.BR "module developers" ", "
and
.BR "application developers" ". "
|
