pam_acct_mgmt - perform PAM account validation procedures
#include <security/pam_appl.h>
int pam_acct_mgmt (
pam_handle_t *pamh,
int flags
);
Thepam_acct_mgmt() function is called to determine if the current user's account is valid. This includes checking for password and account expiration, as well as verifying access hour restrictions. This function is typically called after the user has been authenticated withpam_authenticate() .The arguments for
pam_acct_mgmt() are:
- pamh (in)
The PAM authentication handle, returned from a previous call topam_start() .
- flags (in)
Flags may be set to:
- PAM_SILENT
The account management service should not generate any messages.
- PAM_DISALLOW_NULL_AUTHTOK
The account management service should return PAM_NEW_AUTHTOKEN_REQD if the user has a null authentication token.
One of the following PAM status codes shall be returned:
- [PAM_SUCCESS]
Successful completion.
- [PAM_ACCT_EXPIRED]
The user account has expired.
- [PAM_NEW_AUTHTOKEN_REQD]
New authentication token is required. The user password has aged or expired. PAM service modules return this to request the calling application to immediately prompt the user for a new password.
- [PAM_USER_UNKNOWN]
The user is unknown to the underlying account management module.
- [PAM_OPEN_ERR]
Failure when dynamically loading an account management service module.
- [PAM_SYMBOL_ERR]
Symbol not found in service module.
- [PAM_SERVICE_ERR]
Error in service module.
- [PAM_SYSTEM_ERR]
System error.
- [PAM_BUF_ERR]
Memory buffer error.
- [PAM_CONV_ERR]
Conversation error.
- [PAM_PERM_DENIED]
Permission to access relevant information is denied.
- [PAM_AUTHTOK_EXPIRED]
User password has aged or expired. Typically, PAM service modules return this to indicate that a password has been expired for too long.
[??] Some characters or strings that appear in the printed document are not easily representable using HTML.
| Contents | Next section | Index |