Authentication service modules must implement both pam_sm_authenticate() and pam_sm_setcred(). pam_sm_setcred() in this module always returns PAM_IGNORE.
The value of the PAM_TTY item is checked against entries in dialups(4). If there is a match, the user's shell is compared against entries in d_passwd(4). If there is a matching entry, the user is prompted for a password which is validated against the entry found.
The following option may be passed in to this service module:
syslog(3C) debugging information at LOG_DEBUG level.
If dialups(4) is not present, PAM_IGNORE is returned. Upon successful completion of pam_sm_authenticate(), PAM_SUCCESS is returned. The following error codes are returned upon error:
Error in the calling service, PAM_TTY is not set.
System error (d_passwd(4) is not present).
No account is present for user.
See attributes(5) for a description of the following attributes:
pam(3PAM), pam_authenticate(3PAM) , pam_sm_authenticate(3PAM), d_passwd (4), dialups(4), libpam (3LIB), pam.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.