pam_acct_mgmt - service provider implementation for pam_acct_mgmt
#include <security/pam_appl.h> #include <security/pam_modules.h>
int pam_sm_acct_mgmt ( pam_handle_t *pamh, int flags, int argc, const char **argv );
In response to a call to
pam_acct_mgmt(), the PAM framework calls pam_sm_acct_mgmt()from the modules listed in the PAM configuration. The authentication provider supplies the back-end functionality for this interface function.
pam_sm_acct_mgmt(), is called to determine if the current user's account is valid. This includes checking for password and account expiration, as well as verifying access hour restrictions. This function is typically called after the user has been authenticated with pam_authenticate().
The arguments for
- pamh (in)
The PAM authentication handle, returned from a previous call to
- flags (in)
Flags may be set to:
The account management service should not generate any messages.
The account management service should return PAM_NEW_AUTHTOKEN_REQD if the user has a null authentication token.
- argc (in)
The argc argument represents the number of module options defined in the PAM configuration.
- argv (in)
Specifies the module options, which are interpreted and processed by the authentication module. Please refer to the specific module manual pages for the various available options. If any unknown option is passed in, the module should log the error and ignore the option.
One of the following PAM status codes shall be returned:
The user account has expired.
New authentication token is required. The user password has aged or expired. PAM service modules return this to request the calling application to immediately prompt the user for a new password.
The user is unknown to the underlying account management module.
Failure when dynamically loading an account management service module.
Symbol not found in service module.
Error in service module.
Memory buffer error.
Permission to access relevant information is denied.
User password has aged or expired. Typically, PAM service modules return this to indicate that a password has been expired for too long.
[??] Some characters or strings that appear in the printed document are not easily representable using HTML.