Go to main content

man pages section 7: Standards, Environments, Macros, Character Sets, and Miscellany

Exit Print View

Updated: Wednesday, August 8, 2018
 
 

pam_unix_account(7)

Name

pam_unix_account - PAM account management module for UNIX

Synopsis

pam_unix_account.so.1

Description

    The pam_unix_account module implements pam_sm_acct_mgmt(), which provides functionality to the PAM account management stack. This module provides functions to:

  • Validate that an authenticated user is allowed to log in to the local user account by checking that the account is not locked or expired

  • The user's password has not expired and does not need to be changed

  • Validate that the user is permitted to access the PAM service at the current time and day of the week.

  • The user's account has not been inactive for too long

  • The /etc/nologin file is not present for non-root users (see nologin(5))

The pam_unix_account module retrieves account information from the configured databases in nsswitch.conf(5).

The following options can be passed to the module:

debug

syslog(3C) debugging information at the LOG_DEBUG level

nowarn

Turn off warning messages

server_policy

If the account authority for the user, as specified by PAM_USER, is a server, do not apply the Unix policy from the passwd entry in the name service switch.

Errors

The following values are returned:

PAM_UNIX_ACCOUNT

User account has expired

PAM_AUTHTOK_EXPIRED

Password expired and no longer usable

PAM_BUF_ERR

Memory buffer error

PAM_IGNORE

Ignore module, not participating in result

PAM_NEW_AUTHTOK_REQD

Obtain new authentication token from the user

PAM_PERM_DENIED

The account is locked or has been inactive for too long or is not permitted at the current time and day of the week

PAM_SERVICE_ERR

Error in underlying service module

PAM_SUCCESS

The account is valid for use at this time

PAM_USER_UNKNOWN

No account is present for the user

PAM_LOGINS_DISABLED

Logins for non-root users are disabled due to the presence of the /etc/nologin file. See nologin(5).

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
Committed
MT Level
MT-Safe with exceptions

See Also

syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), nsswitch.conf(5), pam.conf(5), attributes(7)

Notes

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

Attempts to validate locked accounts are logged via syslog(3C) to the LOG_AUTH facility with a LOG_NOTICE severity.