pam_authtok_store(5)




NAME

     pam_authtok_store - password management module


SYNOPSIS

     pam_authtok_store.so.1


DESCRIPTION

     pam_authtok_store provides functionality to the PAM password
     management     stack.     It    provides    one    function:
     pam_sm_chauthtok().

     When invoked with  flags  set  to  PAM_UPDATE_AUTHTOK,  this
     module  updates the authentication token for the user speci-
     fied by PAM_USER.

     The authentication  token  PAM_OLDAUTHTOK  can  be  used  to
     authenticate  the user against repositories that need updat-
     ing (NIS, LDAP). After successful updates, the new authenti-
     cation token stored in PAM_AUTHTOK is the user's valid pass-
     word.

     This module honors the PAM_REPOSITORY item, which,  if  set,
     specifies   which   repository   is   to   be   updated.  If
     PAM_REPOSITORY is unset, it follows the nsswitch.conf(4).

     The following option can be passed to the module:

     debug syslog(3C)  debugging  information  at  the  LOG_DEBUG
           level

     server_policy
           If the account authority for the user, as specified by
           PAM_USER,  is a server, do not encrypt the authentica-
           tion token before updating.


ERRORS

     PAM_SUCCESS
           Successfully obtains authentication token

     PAM_SYSTEM_ERR
           Fails to get username, service name, old  password  or
           new  password,  user  name  null or empty, or password
           null.


ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|
    | MT Level                    | MT-Safe with exceptions     |
    |_____________________________|_____________________________|


SEE ALSO

     pam(3PAM),   pam_authenticate(3PAM),    pam_chauthtok(3PAM),
     syslog(3C),    libpam(3LIB),   pam.conf(4),   attributes(5),
     pam_authtok_check(5),   pam_authtok_get(5),   pam_dhkeys(5),
     pam_passwd_auth(5),     pam_unix(5),    pam_unix_account(5),
     pam_unix_auth(5), pam_unix_session(5)


NOTES

     The interfaces in libpam(3LIB)  are  MT-Safe  only  if  each
     thread  within  the  multi-threaded application uses its own
     PAM handle.

     The pam_unix(5) module might not be supported  in  a  future
     release.    Similar    functionality    is    provided    by
     pam_authtok_check(5),                    pam_authtok_get(5),
     pam_authtok_store(5),   pam_dhkeys(5),   pam_passwd_auth(5),
     pam_unix_account(5),          pam_unix_auth(5),          and
     pam_unix_session(5).


Man(1) output converted with man2html