114 lines
3.0 KiB
Groff
114 lines
3.0 KiB
Groff
.\" $XConsortium: pam_sm_acct_mgmt.3 /main/5 1996/10/29 15:19:45 drk $
|
|
.\" Sccs id goes here
|
|
'\"macro stdmacro
|
|
.\" Copyright (c) 1995, Sun Microsystems, Inc.
|
|
.\" All Rights Reserved
|
|
.\" Don't forget to enter .IX index entries for each function.
|
|
.nr X
|
|
.TH pam_sm_acct_mgmt 3 "9 Jan 1996"
|
|
.SH NAME
|
|
pam_sm_acct_mgmt
|
|
\- Service provider implementation for pam_acct_mgmt
|
|
.SH SYNOPSIS
|
|
.LP
|
|
.B cc
|
|
.RI "[ " "flag" " \|.\|.\|. ] " "file" " \|.\|.\|."
|
|
.B \-lpam
|
|
.RI "[ " "library" " \|.\|.\|. ]"
|
|
.LP
|
|
.nf
|
|
.ft 3
|
|
#include <security/pam_appl.h>
|
|
#include <security/pam_modules.h>
|
|
.ft
|
|
.fi
|
|
.LP
|
|
.BI "int pam_sm_acct_mgmt(pam_handle_t *" "pamh" ,
|
|
.BI "int " "flags" ,
|
|
.BI "int " "argc",
|
|
.BI "const char **" "argv" );
|
|
.SH DESCRIPTION
|
|
.IX "pam_sm_acct_mgmt" "" "\fLpam_sm_acct_mgmt\fP \(em account management"
|
|
In response to a call to
|
|
.BR pam_acct_mgmt (3),
|
|
the PAM framework calls
|
|
.B pam_sm_acct_mgmt(\|)
|
|
from the modules listed in the
|
|
.BR pam.conf (4)
|
|
file.
|
|
The account management provider supplies the back-end functionality for
|
|
this interface function.
|
|
The applications should not call this API directly.
|
|
.PP
|
|
The function,
|
|
.BR pam_sm_acct_mgmt(\|) ,
|
|
determines whether the current user's account and password are valid.
|
|
This includes checking for password
|
|
and account expiration, valid log-in times, etc.
|
|
The user in question is specified by a prior call to
|
|
.BR pam_start(\|) ,
|
|
and is referenced by the authentication handle,
|
|
.IR pamh,
|
|
which is passed as the first argument to
|
|
.B pam_sm_acct_mgmt(\|).
|
|
The following flags may be set in the
|
|
.IR flags
|
|
field:
|
|
.RS
|
|
.IP PAM_SILENT 30
|
|
The account management service should not generate any messages
|
|
.IP PAM_DISALLOW_NULL_AUTHTOK 30
|
|
The account management service should return PAM_AUTHTOKEN_REQD
|
|
if the user has a null authentication token
|
|
.RE
|
|
.PP
|
|
The
|
|
.I argc
|
|
argument
|
|
represents the number of module options passed in from the configuration file
|
|
.BR pam.conf (4).
|
|
.I argv
|
|
specifies the module options, which are interpreted and processed
|
|
by the account management service. Please refer to the specific
|
|
module man pages for the various available
|
|
.I options.
|
|
If an unknown option is passed to the module, an error should be
|
|
logged through
|
|
.BR syslog (3)
|
|
and the option ignored.
|
|
.PP
|
|
If an account management module determines that the user
|
|
password has aged or expired, it should save this information
|
|
as state in the authentication handle,
|
|
.I pamh,
|
|
using
|
|
.BR pam_set_data(\|) .
|
|
.B pam_chauthok(\|)
|
|
uses this information to determine which passwords have
|
|
expired.
|
|
.SH "RETURN VALUES"
|
|
.PP
|
|
If there are no restrictions to logging in, PAM_SUCCESS is returned.
|
|
The following error values may also be returned upon error:
|
|
.RS
|
|
.IP PAM_USER_UNKNOWN 30
|
|
User not known to underlying authentication module
|
|
.IP PAM_AUTHTOKEN_REQD 30
|
|
New authentication token required
|
|
.IP PAM_ACCT_EXPIRED 30
|
|
User account has expired
|
|
.IP PAM_PERM_DENIED 30
|
|
User denied access to account at this time
|
|
.IP PAM_IGNORE 30
|
|
Ignore underlying account module regardless of whether the control
|
|
flag is
|
|
.I required, optional
|
|
or
|
|
.I sufficient
|
|
.RE
|
|
.SH "SEE ALSO"
|
|
.BR pam (3),
|
|
.BR pam_acct_mgmt (3),
|
|
.BR syslog (3),
|
|
.BR pam.conf (4)
|