PAM_ACCT_MGMT(3PAM)PAM_ACCT_MGMT(3PAM)NAMEpam_acct_mgmt - perform PAM account validation procedures
SYNOPSIS
cc [ flag ... ] file ... -lpam [ library ... ]
#include <security/pam_appl.h>
int pam_acct_mgmt(pam_handle_t *pamh, int flags);
DESCRIPTION
The pam_acct_mgmt() function is called to determine if the current
user's account is valid. It checks for password and account expira‐
tion, and verifies access hour restrictions. This function is typically
called after the user has been authenticated with pam_authenti‐
cate(3PAM).
The pamh argument is an authentication handle obtained by a prior call
to pam_start(). The following flags may be set in the flags field:
PAM_SILENT
The account management service should not
generate any messages.
PAM_DISALLOW_NULL_AUTHTOK
The account management service should
return PAM_NEW_AUTHTOK_REQD if the user
has a null authentication token.
RETURN VALUES
Upon successful completion, PAM_SUCCESS is returned. In addition to
the error return values described in pam(3PAM), the following values
may be returned:
PAM_USER_UNKNOWN
User not known to underlying account management
module.
PAM_AUTH_ERR
Authentication failure.
PAM_NEW_AUTHTOK_REQD
New authentication token required. This is nor‐
mally returned if the machine security policies
require that the password should be changed
because the password is NULL or has aged.
PAM_ACCT_EXPIRED
User account has expired.
ATTRIBUTES
See attributes(5) for description of the following attributes:
┌────────────────────┬─────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────────────┤
│Interface Stability │ Stable │
├────────────────────┼─────────────────────────┤
│MT-Level │ MT-Safe with exceptions │
└────────────────────┴─────────────────────────┘
SEE ALSOpam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), libpam(3LIB),
attributes(5)NOTES
The interfaces in libpam are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
Oct 13, 1998 PAM_ACCT_MGMT(3PAM)