Previous section.

X/Open Single Sign-on Service (XSSO) -<br> Pluggable Authentication Modules

X/Open Single Sign-on Service (XSSO) -
Pluggable Authentication Modules
Copyright © 1997 The Open Group


pam_sm_authenticate_secondary - service provider interface for pam_authenticate_secondary


#include <security/pam_appl.h>
#include <security/pam_modules.h>

int pam_authenticate_secondary ( pam_handle_t *pamh, char *target_username, char *target_module_type, char *target_authn_domain, char *target_supp_data, unsigned char *target_module_authtok, int flags );


In response to a call to pam_authenticate_secondary(), the PAM framework calls pam_sm_authenticate_secondary() from the modules listed in the PAM configuration. The authentication provider supplies the back-end functionality for this interface function.

The function, pam_sm_authenticate_secondary(), is called to verify the identity of the current user to a further domain.

If PAM_DISALLOW_NULL_AUTHTOK is specified and target_module_authtok is NULL then the authentication will fail.

The arguments for pam_sm_authenticate_secondary() are:

pamh (in)

The PAM authentication handle, returned from a previous call to pam_start().

target_username (in)

The username to be authenticated within the target domain.

target_module_type (in)

The mechanism to be used for the authentication.

target_authn_domain (in)

The domain within which the secondary authentication is required.

target_supp_data (in)

Supplementary data to be used by the secondary authentication mechanism.

target_module_authtok (in)

The authentication data specific to the type of mechanism and the domain within which authentication is required. This will generally have been retrieved with a call to pam_get_mapped_authtok().

flags (in)

Flags which determine the actions to be taken on authentication. These may be set to:

The authentication service shall not display any messages.

The authentication service should return [PAM_AUTH_ERROR] if the user has a null authentication token.


One of the following PAM status codes shall be returned:


Successful completion.


There has been an error in authenticating the user. This occurs if the user submits an invalid authentication token, or if the PAM_DISALLOW_NULL_AUTHTOK flag is set and the user submits a NULL authentication token.


Cannot access authentication data due to insufficient credentials.


The user is not known to the authentication module.


Symbol not found in service module.


Error in service module.


System error.


Memory buffer error.


Conversation error.


Permission denied.

[??] Some characters or strings that appear in the printed document are not easily representable using HTML.

Why not acquire a nicely bound hard copy?
Click here to return to the publication details or order a copy of this publication.

Contents Next section Index