The
openpam_nullconv function is a null conversation function suitable for applications that want to use PAM but don't support interactive dialog with the user. Such applications should set
PAM_AUTHTOK to whatever authentication token they've obtained on their own before calling
pam_authenticate(3) and / or
pam_chauthtok(3), and their PAM configuration should specify the
use_first_pass option for all modules that require access to the authentication token, to make sure they use
PAM_AUTHTOK rather than try to query the user.