NAME
pam_acct_mgmt —
perform PAM account
validation procedures
SYNOPSIS
#include <sys/types.h>
#include <security/pam_appl.h>
int
pam_acct_mgmt(
pam_handle_t
*pamh,
int flags);
DESCRIPTION
The
pam_acct_mgmt() function verifies and enforces account
restrictions after the user has been authenticated.
The
flags argument is the binary or of zero or more of the
following values:
-
-
PAM_SILENT
- Do not emit any messages.
-
-
PAM_DISALLOW_NULL_AUTHTOK
- Fail if the user's authentication token is null.
If any other bits are set,
pam_acct_mgmt() will return
PAM_SYMBOL_ERR
.
RETURN VALUES
The
pam_acct_mgmt() function returns one of the following
values:
-
-
- [
PAM_SUCCESS
]
- Success.
-
-
- [
PAM_ABORT
]
- General failure.
-
-
- [
PAM_ACCT_EXPIRED
]
- User account has expired.
-
-
- [
PAM_AUTH_ERR
]
- Authentication error.
-
-
- [
PAM_BUF_ERR
]
- Memory buffer error.
-
-
- [
PAM_CONV_ERR
]
- Conversation failure.
-
-
- [
PAM_NEW_AUTHTOK_REQD
]
- New authentication token required.
-
-
- [
PAM_PERM_DENIED
]
- Permission denied.
-
-
- [
PAM_SERVICE_ERR
]
- Error in service module.
-
-
- [
PAM_SYSTEM_ERR
]
- System error.
-
-
- [
PAM_USER_UNKNOWN
]
- Unknown user.
SEE ALSO
pam(3),
pam_strerror(3)
STANDARDS
X/Open Single Sign-On Service (XSSO) -
Pluggable Authentication Modules, June
1997.
AUTHORS
The
pam_acct_mgmt() function and this manual page were
developed for the
FreeBSD Project by ThinkSec AS and
Network Associates Laboratories, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(“CBOSS”), as part of the DARPA CHATS research program.
The OpenPAM library is maintained by
Dag-Erling
Smørgrav
<
des@des.no>.