'\" te
.\" Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
.TH pam_passwd_auth 5 "15 Jun 2011" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
pam_passwd_auth \- authentication module for password
.SH SYNOPSIS
.LP
.nf
\fBpam_passwd_auth.so.1\fR
.fi

.SH DESCRIPTION
.sp
.LP
\fBpam_passwd_auth\fR provides authentication functionality to the password service as implemented by \fBpasswd\fR(1). It differs from the standard \fBPAM\fR authentication modules in its prompting behavior. It should be the first module on the password service authentication stack.
.sp
.LP
The name of the user whose password attributes are to be updated must be present in the \fBPAM_USER\fR item. This can be accomplished due to a previous call to \fBpam_start\fR(3PAM), or explicitly set by \fBpam_set_item\fR(3PAM). Based on the current user-id and the repository that is to by updated, the module determines whether a password is necessary for a successful update of the password repository, and if so, which password is required. 
.sp
.LP
The following options can be passed to the module:
.sp
.ne 2
.mk
.na
\fB\fBdebug\fR\fR
.ad
.RS 17n
.rt  
\fBsyslog\fR(3C) debugging information at the \fBLOG_DEBUG\fR level
.RE

.sp
.ne 2
.mk
.na
\fB\fBnowarn\fR\fR
.ad
.RS 17n
.rt  
Turn off warning messages
.RE

.sp
.ne 2
.mk
.na
\fB\fBserver_policy\fR\fR
.ad
.RS 17n
.rt  
If the account authority for the user, as specified by \fBPAM_USER\fR, is a server, do not apply the Unix policy from the passwd entry in the name service switch.
.RE

.SH ERRORS
.sp
.LP
The following error codes are returned:
.sp
.ne 2
.mk
.na
\fB\fBPAM_BUF_ERR\fR\fR
.ad
.RS 18n
.rt  
Memory buffer error
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_IGNORE\fR\fR
.ad
.RS 18n
.rt  
Ignore module, not participating in result
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_SUCCESS\fR\fR
.ad
.RS 18n
.rt  
Successfully obtains authentication token
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_SYSTEM_ERR\fR\fR
.ad
.RS 18n
.rt  
System error
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Interface StabilityCommitted
_
MT LevelMT-Safe with exceptions
.TE

.SH SEE ALSO
.sp
.LP
\fBpasswd\fR(1), \fBpam\fR(3PAM), \fBpam_authenticate\fR(3PAM), \fBpam_start\fR(3PAM), \fBpam_set_item\fR(3PAM), \fBsyslog\fR(3C), \fBlibpam\fR(3LIB), \fBpam.conf\fR(4), \fBattributes\fR(5), \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), \fBpam_unix_session\fR(5)
.SH NOTES
.sp
.LP
The interfaces in \fBlibpam\fR(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
.sp
.LP
This module relies on the value of the current real \fBUID\fR, this module is only safe for MT-applications that don't change \fBUID\fRs during the call to \fBpam_authenticate\fR(3PAM).