The pam_unix_auth module implements pam_sm_authenticate(), which provides functionality to the PAM authentication stack. It provides functions to verify that the password contained in the PAM item PAM_AUTHTOK is the correct password for the user specified in the item PAM_USER. If PAM_REPOSITORY is specified, then user's passwd is fetched from that repository. Otherwise the default nsswitch.conf(4) repository is searched for that user.

The following options can be passed to the module:

server_policy

If the account authority for the user, as specified by PAM_USER, is a server, do not apply the Unix policy from the passwd entry in the name service switch.

The following values are returned:

PAM_AUTH_ERR

Authentication failure

PAM_BUF_ERR

Memory buffer error

PAM_IGNORE

Ignore module, not participating in result

PAM_PERM_DENIED

Permission denied

PAM_SUCCESS

Successfully obtains authentication token

PAM_SYSTEM_ERR

System error

PAM_USER_UNKNOWN

No account present for user

See attributes(5) for descriptions of the following attributes:

pam(3PAM), pam_authenticate(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), nsswitch.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_session(5)

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

The pam_unix(5) module might not be supported in a future release. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).