PAM module implementation for pam_acct_mgmt().
PAM Library (libpam.a)
#include <security/pam_appl.h>
#include <security/pam_modules.h>
int pam_sm_acct_mgmt (PAMHandle, Flags, Argc, Argv)
pam_handle_t *PAMHandle;
int Flags;
int Argc;
const char **Argv;
The pam_sm_acct_mgmt subroutine is invoked by the PAM library in response to a call to pam_acct_mgmt. The pam_sm_acct_mgmt subroutine performs the account and password validation for a user and is associated with the "account" service in the PAM configuration file. It is up to the module writers to implement their own service-dependent version of pam_sm_acct_mgmt, if the module requires this feature. Actual checks performed are at the discretion of the module writer but typically include checks such as password expiration and login time validation.
Item | Description |
---|---|
PAMhandle | The PAM handle representing the current user authentication session. This handle is obtained by a call to pam_start(). |
Flags | The Flags argument can be a logically
OR'd combination of the following:
|
Argc | The number of module options specified in the PAM configuration file. |
Argv | The module options specified in the PAM configuration file. These options are module-dependent. Any modules receiving invalid options should ignore them. |
Upon successful completion, pam_sm_acct_mgmt returns PAM_SUCCESS. If the routine fails, a different error is returned, depending on the actual error.
Item | Description |
---|---|
PAM_ACCT_EXPIRED | The user's account has expired. |
PAM_NEW_AUTHTOKEN_REQD | The user's password needs to be changed. This is usually due to password aging or because it was last set by the system administrator. At this stage, most users can still change their passwords. Applications should call pam_chauthtok() and have the users change their password. |
PAM_AUTHTOK_EXPIRED | The user's password has expired. Unlike PAM_NEW_AUTHTOKEN_REQD, the password cannot be changed by the user. |
PAM_USER_UNKNOWN | The user is not known. |
PAM_OPEN_ERR | One of the PAM authentication modules could not be loaded. |
PAM_SYMBOL_ERR | A necessary item is not available to a PAM module. |
PAM_SERVICE_ERR | An error occurred in a PAM module. |
PAM_SYSTEM_ERR | A system error occurred. |
PAM_BUF_ERR | A memory error occurred. |
PAM_CONV_ERR | A conversation error occurred. |
PAM_PERM_DENIED | Access permission was denied to the user. |