Pluggable Authentication Modules

X/Open Single Sign-on Service (XSSO) -<br> Pluggable Authentication Modules

X/Open Single Sign-on Service (XSSO) -
Pluggable Authentication Modules
Copyright © 1997 The Open Group

NAME

pam_acct_mgmt - service provider implementation for pam_acct_mgmt

SYNOPSIS

#include <security/pam_appl.h>
#include <security/pam_modules.h>

int pam_sm_acct_mgmt (
    pam_handle_t    *pamh,
    int              flags,
    int              argc,
    const char     **argv
);

DESCRIPTION

In response to a call to pam_acct_mgmt(), the PAM framework calls pam_sm_acct_mgmt() from the modules listed in the PAM configuration. The authentication provider supplies the back-end functionality for this interface function.
The function pam_sm_acct_mgmt(), is called to determine if the current user's account is valid. This includes checking for password and account expiration, as well as verifying access hour restrictions. This function is typically called after the user has been authenticated with pam_authenticate().
The arguments for pam_acct_mgmt() are:

pamh (in)

The PAM authentication handle, returned from a previous call to pam_start().

flags (in)

Flags may be set to:

PAM_SILENT
The account management service should not generate any messages.

PAM_DISALLOW_NULL_AUTHTOK
The account management service should return PAM_NEW_AUTHTOKEN_REQD if the user has a null authentication token.

argc (in)

The argc argument represents the number of module options defined in the PAM configuration.

argv (in)

Specifies the module options, which are interpreted and processed by the authentication module. Please refer to the specific module manual pages for the various available options. If any unknown option is passed in, the module should log the error and ignore the option.

RETURN VALUE

One of the following PAM status codes shall be returned:

[PAM_SUCCESS]

Successful completion.

[PAM_ACCT_EXPIRED]

The user account has expired.

[PAM_NEW_AUTHTOKEN_REQD]

New authentication token is required. The user password has aged or expired. PAM service modules return this to request the calling application to immediately prompt the user for a new password.

[PAM_USER_UNKNOWN]

The user is unknown to the underlying account management module.

[PAM_OPEN_ERR]

Failure when dynamically loading an account management service module.

[PAM_SYMBOL_ERR]

Symbol not found in service module.

[PAM_SERVICE_ERR]

Error in service module.

[PAM_SYSTEM_ERR]

System error.

[PAM_BUF_ERR]

Memory buffer error.

[PAM_CONV_ERR]

Conversation failure.

[PAM_PERM_DENIED]

Permission to access relevant information is denied.

[PAM_AUTHTOK_EXPIRED]

User password has aged or expired. Typically, PAM service modules return this to indicate that a password has been expired for too long.

[??] Some characters or strings that appear in the printed document are not easily representable using HTML.

Why not acquire a nicely bound hard copy?
Click here to return to the publication details or order a copy of this publication.

Contents

Next section

Index