pam_acct_mgmt Subroutine
Purpose
Validates the user's account.
Library
PAM Library (libpam.a)
Syntax
#include <security/pam_appl.h>
int pam_acct_mgmt (PAMHandle, Flags)
pam_handle_t *PAMHandle;
int Flags;
Description
The pam_acct_mgmt subroutine performs various checks on the user's account to determine if it is valid. These checks can include account and password expiration, and access restrictions. This subroutine is generally used subsequent to a successful pam_authenticate() call in order to verify whether the authenticated user should be granted access.
Parameters
| Item | Description |
|---|---|
| PAMhandle | The PAM handle representing the current user authentication session. This handle is obtained by a call to pam_start(). |
| Flags | The Flags argument can be a logically OR'd combination
of the following:
|
Return Values
Upon successful completion, pam_acct_mgmt returns PAM_SUCCESS. If the routine fails, a different error will be returned, depending on the actual error.
Error Codes
| Item | Description |
|---|---|
| PAM_ACCT_EXPIRED | The user's account has expired. |
| PAM_NEW_AUTHTOK_REQD | The user's password needs changed. This is usually due to password aging or because it was last set by an administrator. At this stage most user's can still change their passwords; applications should call pam_chauthtok() and have the user promptly change their password. |
| PAM_AUTHTOK_EXPIRED | The user's password has expired. Unlike PAM_NEW_AUTHTOK_REQD, the password cannot be changed by the user. |
| PAM_USER_UNKNOWN | The user is not known. |
| PAM_OPEN_ERR | One of the PAM authentication modules could not be loaded. |
| PAM_SYMBOL_ERR | A necessary item is not available to a PAM module. |
| PAM_SERVICE_ERR | An error occurred in a PAM module. |
| PAM_SYSTEM_ERR | A system error occurred. |
| PAM_BUF_ERR | A memory error occurred. |
| PAM_CONV_ERR | A conversation error occurred. |
| PAM_PERM_DENIED | Access permission was denied to the user. |