Go to main content

man pages section 3: Extended Library Functions, Volume 3

Exit Print View

Updated: Thursday, June 13, 2019
 
 

pam_acct_mgmt(3PAM)

Name

pam_acct_mgmt - perform PAM account validation procedures

Synopsis

cc [ flag ... ] 
file ... –lpam [ library ... ]
#include <security/pam_appl.h>

int pam_acct_mgmt(pam_handle_t *
pamh, int 
flags);

Description

    The pam_acct_mgmt() function is called to determine if the current authenticated user's account is valid. This includes the following checks:

  • Password expiry

  • If the password needs to be changed

  • Account expiry

  • Account inactivity

  • If the account is locked

  • The /etc/nologin file is not present for non-root users (see nologin(5))

The pam_acct_mgmt() function is typically called after the user has been authenticated with pam_authenticate(3PAM).

The pamh argument is an authentication handle obtained by a prior call to pam_start(). The following flags may be set in the flags field:

PAM_SILENT

The account management service should not generate any messages.

PAM_DISALLOW_NULL_AUTHTOK

The account management service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token.

Return Values

Upon successful completion, PAM_SUCCESS is returned. In addition to the error return values described in pam(3PAM), the following values may be returned:

PAM_USER_UNKNOWN

User not known to underlying account management module.

PAM_AUTH_ERR

Authentication failure.

PAM_NEW_AUTHTOK_REQD

New authentication token required. This is normally returned if the machine security policies require that the password should be changed because the password is NULL or has aged.

PAM_ACCT_EXPIRED

User account has expired.

PAM_LOGINS_DISABLED

Logins for non-root users are disabled due to the presence of the /etc/nologin file. See nologin(5)

Attributes

See attributes(7) for description of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
Committed
MT-Level
MT-Safe with exceptions

See Also

libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), attributes(7)

Notes

The interfaces in libpam are MT-Safe only if each thread within the multithreaded application uses its own PAM handle.