NAME

pam_get_user — retrieve user name

SYNOPSIS

#include <sys/types.h>
#include <security/pam_appl.h>

int
pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt);

DESCRIPTION

The pam_get_user() function returns the name of the target user, as specified to pam_start(3). If no user was specified, nor set using pam_set_item(3), pam_get_user() will prompt for a user name. Either way, a pointer to the user name is stored in the location pointed to by the user argument, and the corresponding PAM item is updated.

The prompt argument specifies a prompt to use if no user name is cached. If it is NULL, the PAM_USER_PROMPT item will be used. If that item is also NULL, a hardcoded default prompt will be used. Additionally, when pam_get_user() is called from a service module, the prompt may be affected by module options as described below. The prompt is then expanded using openpam_subst(3) before it is passed to the conversation function.

MODULE OPTIONS

When called by a service module, pam_get_user() will recognize the following module options:

user_prompt: Prompt to use when asking for the user name. This option overrides both the prompt argument and the PAM_USER_PROMPT item.

RETURN VALUES

The pam_get_user() function returns one of the following values:

[PAM_SUCCESS]: Success.
[PAM_BAD_ITEM]: Unrecognized or restricted item.
[PAM_BUF_ERR]: Memory buffer error.
[PAM_CONV_ERR]: Conversation failure.
[PAM_SYSTEM_ERR]: System error.

STANDARDS

X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules, June 1997.

AUTHORS

The pam_get_user() function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.

The OpenPAM library is maintained by Dag-Erling Smørgrav <des@des.no>.