The pam_get_user() function is used by PAM service modules to retrieve the current user name from the PAM handle. If the user name has not been set with pam_start() or pam_set_item(), the PAM conversation function will be used to prompt the user for the user name with the string "prompt". If prompt is NULL, then pam_get_item() is called and the value of PAM_USER_PROMPT is used for prompting. If the value of PAM_USER_PROMPT is NULL, the following default prompt is used:

Please enter user name:

After the user name is gathered by the conversation function, pam_set_item() is called to set the value of PAM_USER. By convention, applications that need to prompt for a user name should call pam_set_item() and set the value of PAM_USER_PROMPT before calling pam_authenticate(). The service module's pam_sm_authenticate() function will then call pam_get_user() to prompt for the user name.

Note that certain PAM service modules, such as a smart card module, may override the value of PAM_USER_PROMPT and pass in their own prompt. Applications that call pam_authenticate() multiple times should set the value of PAM_USER to NULL with pam_set_item() before calling pam_authenticate(), if they want the user to be prompted for a new user name each time. The value of user retrieved by pam_get_user() should not be modified or freed. The item will be released by pam_end().

Upon success, pam_get_user() returns PAM_SUCCESS; otherwise it returns an error code. Refer to pam(3PAM) for information on error related return values.

See attributes(5) for description of the following attributes:

pam(3PAM), pam_authenticate(3PAM), pam_end(3PAM), pam_get_item(3PAM), pam_set_item(3PAM), pam_sm(3PAM), pam_sm_authenticate(3PAM), pam_start(3PAM), attributes(5)

The interfaces in libpam are MT-Safe only if each thread within the multithreaded application uses its own PAM handle.