pam_sm_acct_mgmt Subroutine

Purpose

PAM module implementation for pam_acct_mgmt().

Library

PAM Library (libpam.a)

Syntax

#include <security/pam_appl.h>
#include <security/pam_modules.h>

int pam_sm_acct_mgmt (PAMHandle, Flags, Argc, Argv)
pam_handle_t *PAMHandle;
int Flags;
int Argc;
const char **Argv;

Description

The pam_sm_acct_mgmt subroutine is invoked by the PAM library in response to a call to pam_acct_mgmt. It performs account and password validation for a user and is associated with the "account" service in the PAM configuration file. Module writers implement their own service-dependent version of pam_sm_acct_mgmt if the module requires this feature. The actual checks performed are at the discretion of the module writer, but typically include password expiration and login time validation.

Parameters

Item Description
PAMHandle The PAM handle representing the current user authentication session. This handle is obtained by a call to pam_start().
Flags The Flags argument can be a logically OR'd combination of the following:
  • PAM_SILENT
    • No messages should be displayed.
  • PAM_DISALLOW_NULL_AUTHTOK
    • Do not authenticate a user with a NULL authentication token.
Argc The number of module options specified in the PAM configuration file.
Argv The module options specified in the PAM configuration file. These options are module-dependent. Any modules receiving invalid options should ignore them.

Return Values

Upon successful completion, pam_sm_acct_mgmt returns PAM_SUCCESS. If the routine fails, a different error is returned, depending on the actual error.

Error Codes

Item Description
PAM_ACCT_EXPIRED The user's account has expired.
PAM_NEW_AUTHTOK_REQD The user's password needs to be changed. This is usually due to password aging or because it was last set by the system administrator. At this stage, most users can still change their passwords. Applications should call pam_chauthtok() and have the users change their password.
PAM_AUTHTOK_EXPIRED The user's password has expired. Unlike PAM_NEW_AUTHTOK_REQD, the password cannot be changed by the user.
PAM_USER_UNKNOWN The user is not known.
PAM_OPEN_ERR One of the PAM authentication modules could not be loaded.
PAM_SYMBOL_ERR A necessary item is not available to a PAM module.
PAM_SERVICE_ERR An error occurred in a PAM module.
PAM_SYSTEM_ERR A system error occurred.
PAM_BUF_ERR A memory error occurred.
PAM_CONV_ERR A conversation error occurred.
PAM_PERM_DENIED Access permission was denied to the user.
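
The following is an added example, not code from this reference page or from the PAM library: one way a module could order the account and password-aging checks described above and map each outcome to the error codes listed. The names struct aging, acct_check, load_aging and the BUILD_PAM_MODULE build macro are hypothetical, and the user-database lookup is left to the site.

```c
/* Added example: account-phase policy for a pam_sm_acct_mgmt module. */
enum verdict { V_OK, V_ACCT_EXPIRED, V_PW_CHANGE, V_PW_EXPIRED };

/* Hypothetical aging record; all values are days since the epoch. */
struct aging {
    long acct_expire;   /* day the account expires, -1 = never           */
    long last_change;   /* day of last password change, 0 = admin reset  */
    long max_age;       /* password lifetime in days, -1 = no aging      */
    long grace;         /* days past max_age a user may still change it, */
};                      /* -1 = no limit                                 */

/* Pure decision logic, kept apart from PAM so it can be unit tested. */
enum verdict acct_check(const struct aging *a, long today)
{
    if (a->acct_expire >= 0 && today >= a->acct_expire)
        return V_ACCT_EXPIRED;              /* account state wins first  */
    if (a->last_change == 0)
        return V_PW_CHANGE;                 /* forced change after reset */
    if (a->max_age < 0 || today <= a->last_change + a->max_age)
        return V_OK;                        /* password still valid      */
    long overdue = today - (a->last_change + a->max_age);
    if (a->grace >= 0 && overdue > a->grace)
        return V_PW_EXPIRED;                /* user can no longer fix it */
    return V_PW_CHANGE;
}

#ifdef BUILD_PAM_MODULE  /* hypothetical macro: set when linking with libpam */
#include <time.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
int load_aging(const char *user, struct aging *out); /* site lookup, 0 = found */

int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *user = NULL;
    struct aging a;
    (void)flags; (void)argc; (void)argv;    /* unknown options are ignored */
    /* Fail closed: any lookup problem is an error, never PAM_SUCCESS. */
    if (pam_get_item(pamh, PAM_USER, (void *)&user) != PAM_SUCCESS || !user)
        return PAM_SERVICE_ERR;
    if (load_aging(user, &a) != 0)
        return PAM_USER_UNKNOWN;
    switch (acct_check(&a, (long)(time(NULL) / 86400))) {
    case V_OK:           return PAM_SUCCESS;
    case V_ACCT_EXPIRED: return PAM_ACCT_EXPIRED;
    case V_PW_CHANGE:    return PAM_NEW_AUTHTOK_REQD;
    default:             return PAM_AUTHTOK_EXPIRED;
    }
}
#endif
```

The switch uses PAM_NEW_AUTHTOK_REQD, the spelling defined in the PAM headers.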