The
pam_get_authtok function returns the cached authentication token, or prompts the user if no token is currently cached. Either way, a pointer to the authentication token is stored in the location pointed to by the
authtok argument.
The
item argument must have one of the following values:
PAM_AUTHTOK
Returns the current authentication token, or the new token when changing authentication tokens.
PAM_OLDAUTHTOK
Returns the previous authentication token when changing authentication tokens.
The
prompt argument specifies a prompt to use if no token is cached. If it is
NULL, the
PAM_AUTHTOK_PROMPT or
PAM_OLDAUTHTOK_PROMPT item, as appropriate, will be used. If that item is also
NULL, a hardcoded default prompt will be used.
If
item is set to
PAM_AUTHTOK and there is a non-null
PAM_OLDAUTHTOK item,
pam_get_authtok will ask the user to confirm the new token by retyping it. If there is a mismatch,
pam_get_authtok will return
PAM_TRY_AGAIN.