pam_unix_account module implements pam_sm_acct_mgmt(), which provides functionality to the PAM account management stack. The module provides functions to validate that the user's account is not locked or expired and that the user's password does not need to be changed. The module retrieves account information from the configured databases in nsswitch.conf(4).
The following options can be passed to the module:
syslog(3C) debugging information at the LOG_DEBUG level
Turn off warning messages
If the account authority for the user, as specified by PAM_USER, is a server, do not apply the Unix policy from the passwd entry in the name service switch.
The following values are returned:
User account has expired
Password expired and no longer usable
Memory buffer error
Ignore module, not participating in result
Obtain new authentication token from the user
The account is locked or has been inactive for too long
Error in underlying service module
The account is valid for use at this time
No account is present for the user
See attributes(5) for descriptions of the following attributes:
MT-Safe with exceptions
pam(3PAM), pam_authenticate(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), nsswitch.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_auth(5), pam_unix_session(5)
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).