pam_acct_mgmt

Name

pam_acct_mgmt -- establish the status of a user's account

Synopsis

#include <security/pam_appl.h>

int pam_acct_mgmt(pam_handle_t * pamh, int flags);

Description

pam_acct_mgmt() establishes the account's usability and the user's accessibility to the system. It is typically called after the user has been authenticated.

flags may be specified as any valid flag (namely, one of those applicable to the flags argument of pam_authenticate()). Additionally, the value of flags may be logically or'd with PAM_SILENT.

Return Value

PAM_SUCCESS 

Success.

PAM_NEW_AUTHTOK_REQD 

User is valid, but user's authentication token has expired. The correct response to this return-value is to require that the user satisfy the pam_chauthtok() function before obtaining service. It may not be possible for an application to do this. In such a case, the user should be denied access until the account password is updated.

PAM_ACCT_EXPIRED 

User is no longer permitted access to the system.

PAM_AUTH_ERR 

Authentication error.

PAM_PERM_DENIED 

User is not permitted to gain access at this time.

PAM_USER_UNKNOWN 

User is not known to a module's account management component.

Note: Errors may be translated to text with pam_strerror().