'\" t
.\"     Title: pam_sm_acct_mgmt
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\"      Date: 04/01/2016
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM Manual
.\"  Language: English
.\"
.TH "PAM_SM_ACCT_MGMT" "3" "04/01/2016" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_sm_acct_mgmt \- PAM service function for account management
.SH "SYNOPSIS"
.sp
.ft B
.nf
#define PAM_SM_ACCOUNT
.fi
.ft
.sp
.ft B
.nf
#include <security/pam_modules\&.h>
.fi
.ft
.HP \w'int\ pam_sm_acct_mgmt('u
.BI "int pam_sm_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_acct_mgmt\fR
function is the service module\*(Aqs implementation of the
\fBpam_acct_mgmt\fR(3)
interface\&.
.PP
This function performs the task of establishing whether the user is permitted to gain access at this time\&. It should be understood that the user has previously been validated by an authentication module\&. This function checks for other things\&. Such things might be: the time of day or the date, the terminal line, remote hostname, etc\&. This function may also determine things like the expiration on passwords, and respond that the user change it before continuing\&.
.PP
Valid flags, which may be logically OR\*(Aqd with
\fIPAM_SILENT\fR, are:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
.RS 4
Return
\fBPAM_AUTH_ERR\fR
if the database of authentication tokens for this authentication mechanism has a
\fINULL\fR
entry for the user\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ACCT_EXPIRED
.RS 4
User account has expired\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
Authentication failure\&.
.RE
.PP
PAM_NEW_AUTHTOK_REQD
.RS 4
The user\*(Aqs authentication token has expired\&. Before calling this function again the application will arrange for a new one to be given\&. This will likely result in a call to
\fBpam_sm_chauthtok()\fR\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam\fR(3),
\fBpam_acct_mgmt\fR(3),
\fBpam_sm_chauthtok\fR(3),
\fBpam_strerror\fR(3),
\fBPAM\fR(8)