summaryrefslogtreecommitdiff
path: root/doc/man/pam_acct_mgmt.3.xml
blob: b00f6daa076ee64038770a664167bc8359f8f29b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
                   "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_acct_mgmt'>
  <refmeta>
    <refentrytitle>pam_acct_mgmt</refentrytitle>
    <manvolnum>3</manvolnum>
    <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
  </refmeta>

  <refnamediv id="pam_acct_mgmt-name">
    <refname>pam_acct_mgmt</refname>
    <refpurpose>PAM account validation management</refpurpose>
  </refnamediv>

<!-- body begins here -->

  <refsynopsisdiv id='pam_acct_mgmt-synopsis'>
    <funcsynopsis>
      <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
      <funcprototype>
        <funcdef>int <function>pam_acct_mgmt</function></funcdef>
        <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
        <paramdef>int <parameter>flags</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>
  </refsynopsisdiv>


  <refsect1 id='pam_acct_mgmt-description'>
    <title>DESCRIPTION</title>
    <para>
      The <function>pam_acct_mgmt</function> function is used to determine
      if the users account is valid. It checks for authentication token
      and account expiration and verifies access restrictions. It is
      typically called after the user has been authenticated.
    </para>
    <para>
      The <emphasis>pamh</emphasis> argument is an authentication
      handle obtained by a prior call to pam_start().
      The flags argument is the binary or of zero or more of the
      following values:
    </para>
    <variablelist>
      <varlistentry>
        <term>PAM_SILENT</term>
        <listitem>
           <para>
             Do not emit any messages.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_DISALLOW_NULL_AUTHTOK</term>
        <listitem>
          <para>
            The PAM module service should return PAM_NEW_AUTHTOK_REQD
            if the user has a null authentication token.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id="pam_acct_mgmt-return_values">
    <title>RETURN VALUES</title>
    <variablelist>
      <varlistentry>
        <term>PAM_ACCT_EXPIRED</term>
        <listitem>
           <para>
             User account has expired.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_AUTH_ERR</term>
        <listitem>
          <para>
            Authentication failure.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_NEW_AUTHTOK_REQD</term>
        <listitem>
          <para>
            The user account is valid but their authentication token
            is <emphasis>expired</emphasis>. The correct response to
            this return-value is to require that the user satisfies
            the <function>pam_chauthtok()</function> function before
            obtaining service. It may not be possible for some
            applications to do this. In such cases, the user should be
            denied access until such time as they can update their password.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_PERM_DENIED</term>
        <listitem>
          <para>
            Permission denied.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_SUCCESS</term>
        <listitem>
           <para>
             The authentication token was successfully updated.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_USER_UNKNOWN</term>
        <listitem>
          <para>
            User unknown to password service.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='pam_acct_mgmt-see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
        <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>