blob: 0d844fd723a893a2fe65253bf22665f49df89f7e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
'\" t
.\" Title: pam_acct_mgmt
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 04/01/2016
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_ACCT_MGMT" "3" "04/01/2016" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_acct_mgmt \- PAM account validation management
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_acct_mgmt('u
.BI "int pam_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_acct_mgmt\fR
function is used to determine if the user\*(Aqs account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&.
.PP
The
\fIpamh\fR
argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
.RS 4
The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ACCT_EXPIRED
.RS 4
User account has expired\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
Authentication failure\&.
.RE
.PP
PAM_NEW_AUTHTOK_REQD
.RS 4
The user account is valid but their authentication token is
\fIexpired\fR\&. The correct response to this return\-value is to require that the user satisfies the
\fBpam_chauthtok()\fR
function before obtaining service\&. It may not be possible for some applications to do this\&. In such cases, the user should be denied access until such time as they can update their password\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_start\fR(3),
\fBpam_authenticate\fR(3),
\fBpam_chauthtok\fR(3),
\fBpam_strerror\fR(3),
\fBpam\fR(8)
|
