setting a random password with PAM API

Christopher J. Ruwe cjr at
Wed Dec 29 22:47:15 UTC 2010


First, I'd like to apologise for my choice of lists to post to ... the
question is more PAM-specific than FreeBSD, but the idea comes from
BSD, so I hope someone will have an idea or knows where to turn to (and
I don't know where to turn else).

I am trying to implement the feature to set a random password like in
BSD "pw usermod -W" in the Solaris passwd. Regrettably, I have not
found or perhaps not understood the PAM API documentation on how to
_inject a given string_ into the change-auth-token function
pam_chauthtok(...), which always jumps in an interactive pw-changing

After I have generated a random string char * randstring, I have tried
setting that string using

retval = pam_set_item( pamh, PAM_AUTHTOK, randstring);
which returns PAM_SUCCESS. The password / authentication token remains
unchanged, however. My second idea, i.e., using pam_sm_chauthtok(...),
did not work, either, as I have not understood the arguments to be

Should anybody know how to inject a given/known string into PAM to set
a user password, know where to look for documentation regarding that
issue or have another idea, I would really appreciate it ... and again
my apologies for being more than just slightly off topic.

Kind regards,
Christopher J. Ruwe
TZ GMT + 1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
Url :

More information about the freebsd-security mailing list