pam_chauthtok is used to change the authentication token for a given user as indicated by the state associated with the handle pamh.
flags is an optional parameter that may be specified by the following value:
User's authentication token should only be changed if it has expired.
Additionally, the value of flags may be logically OR'd with PAM_SILENT.
A module was unable to obtain the new authentication token.
A module was unable to obtain the old authentication token.
One or more modules were unable to change the authentication token since it is currently locked.
Authentication token aging has been disabled for at least one of the modules.
Not all modules were in a position to update the authentication token(s). In such a case, none of the user's authentication tokens are updated.
User is not known to the authentication token changing service.