ablish
            it is ready to update the user's authentication token it should
            return <span class="emphasis"><em>PAM_TRY_AGAIN</em></span>, this
            information will be passed back to the application.
          </p><p>
             If the control value <span class="emphasis"><em>sufficient</em></span> is used in
             the password stack, the <span class="emphasis"><em>PAM_PRELIM_CHECK</em></span> section
             of the modules following that control value is not always executed.
          </p></dd><dt><span class="term">PAM_UPDATE_AUTHTOK</span></dt><dd><p>
            This informs the module that this is the call it should change
            the authorization tokens. If the flag is logically OR'd with
            <span class="emphasis"><em>PAM_CHANGE_EXPIRED_AUTHTOK</em></span>, the
            token is only changed if it has actually expired.
          </p></dd></dl></div><p>
      The PAM library calls this function twice in succession. The first
      time with <span class="emphasis"><em>PAM_PRELIM_CHECK</em></span> and then,
      if the module does not return
      <span class="emphasis"><em>PAM_TRY_AGAIN</em></span>, subsequently with
      <span class="emphasis"><em>PAM_UPDATE_AUTHTOK</em></span>. It is only on
      the second call that the authorization token is (possibly) changed.
    </p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="mwg-pam_sm_chauthtok-return_values"></a>3.5.1.2. RETURN VALUES</h4></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_AUTHTOK_ERR</span></dt><dd><p>
             The module was unable to obtain the new authentication token.
          </p></dd><dt><span class="term">PAM_AUTHTOK_RECOVERY_ERR</span></dt><dd><p>
            The module was unable to obtain the old authentication token.
          </p></dd><dt><span class="term">PAM_AUTHTOK_LOCK_BUSY</span></dt><dd><p>
            Cannot change the authentication token since it is currently
            locked.
          </p></dd><dt><span class="term">PAM_AUTHTOK_DISABLE_AGING</span></dt><dd><p>
            Authentication token aging has been disabled.
          </p></dd><dt><span class="term">PAM_PERM_DENIED</span></dt><dd><p>
            Permission denied.
          </p></dd><dt><span class="term">PAM_TRY_AGAIN</span></dt><dd><p>
            Preliminary check was unsuccessful. Signals an immediate
            return to the application is desired.
          </p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
             The authentication token was successfully updated.
          </p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
            User unknown to password service.
          </p></dd></dl></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-expected-of-module-session.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="mwg-expected-of-module.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="mwg-see-options.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">3.4. Session management </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. Generic optional arguments</td></tr></table></div></body></html>