granicus.if.org Git - linux-pam/blob - doc/man/pam_acct_mgmt.3.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
   3                    "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
   4 <refentry id='pam_acct_mgmt'>
   5   <refmeta>
   6     <refentrytitle>pam_acct_mgmt</refentrytitle>
   7     <manvolnum>3</manvolnum>
   8     <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
   9   </refmeta>
  10
  11   <refnamediv id="pam_acct_mgmt-name">
  12     <refname>pam_acct_mgmt</refname>
  13     <refpurpose>PAM account validation management</refpurpose>
  14   </refnamediv>
  15
  16 <!-- body begins here -->
  17
  18   <refsynopsisdiv>
  19     <funcsynopsis id='pam_acct_mgmt-synopsis'>
  20       <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
  21       <funcprototype>
  22         <funcdef>int <function>pam_acct_mgmt</function></funcdef>
  23         <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
  24         <paramdef>int <parameter>flags</parameter></paramdef>
  25       </funcprototype>
  26     </funcsynopsis>
  27   </refsynopsisdiv>
  28
  29
  30   <refsect1 id='pam_acct_mgmt-description'>
  31     <title>DESCRIPTION</title>
  32     <para>
  33       The <function>pam_acct_mgmt</function> function is used to determine
  34       if the users account is valid. It checks for authentication token
  35       and account expiration and verifies access restrictions. It is
  36       typically called after the user has been authenticated.
  37     </para>
  38     <para>
  39       The <emphasis>pamh</emphasis> argument is an authentication
  40       handle obtained by a prior call to pam_start().
  41       The flags argument is the binary or of zero or more of the
  42       following values:
  43     </para>
  44     <variablelist>
  45       <varlistentry>
  46         <term>PAM_SILENT</term>
  47         <listitem>
  48            <para>
  49              Do not emit any messages.
  50           </para>
  51         </listitem>
  52       </varlistentry>
  53       <varlistentry>
  54         <term>PAM_DISALLOW_NULL_AUTHTOK</term>
  55         <listitem>
  56           <para>
  57             The PAM module service should return PAM_NEW_AUTHTOK_REQD
  58             if the user has a null authentication token.
  59           </para>
  60         </listitem>
  61       </varlistentry>
  62     </variablelist>
  63   </refsect1>
  64
  65   <refsect1 id="pam_acct_mgmt-return_values">
  66     <title>RETURN VALUES</title>
  67     <variablelist>
  68       <varlistentry>
  69         <term>PAM_ACCT_EXPIRED</term>
  70         <listitem>
  71            <para>
  72              User account has expired.
  73           </para>
  74         </listitem>
  75       </varlistentry>
  76       <varlistentry>
  77         <term>PAM_AUTH_ERR</term>
  78         <listitem>
  79           <para>
  80             Authentication failure.
  81           </para>
  82         </listitem>
  83       </varlistentry>
  84       <varlistentry>
  85         <term>PAM_NEW_AUTHTOK_REQD</term>
  86         <listitem>
  87           <para>
  88             The user account is valid but their authentication token
  89             is <emphasis>expired</emphasis>. The correct response to
  90             this return-value is to require that the user satisfies
  91             the <function>pam_chauthtok()</function> function before
  92             obtaining service. It may not be possible for some
  93             applications to do this. In such cases, the user should be
  94             denied access until such time as they can update their password.
  95           </para>
  96         </listitem>
  97       </varlistentry>
  98       <varlistentry>
  99         <term>PAM_PERM_DENIED</term>
 100         <listitem>
 101           <para>
 102             Permission denied.
 103           </para>
 104         </listitem>
 105       </varlistentry>
 106       <varlistentry>
 107         <term>PAM_SUCCESS</term>
 108         <listitem>
 109            <para>
 110              The authentication token was successfully updated.
 111           </para>
 112         </listitem>
 113       </varlistentry>
 114       <varlistentry>
 115         <term>PAM_USER_UNKNOWN</term>
 116         <listitem>
 117           <para>
 118             User unknown to password service.
 119           </para>
 120         </listitem>
 121       </varlistentry>
 122     </variablelist>
 123   </refsect1>
 124
 125   <refsect1 id='pam_acct_mgmt-see_also'>
 126     <title>SEE ALSO</title>
 127     <para>
 128       <citerefentry>
 129         <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
 130       </citerefentry>,
 131       <citerefentry>
 132         <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
 133       </citerefentry>,
 134       <citerefentry>
 135         <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
 136       </citerefentry>,
 137       <citerefentry>
 138         <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
 139       </citerefentry>,
 140       <citerefentry>
 141         <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
 142       </citerefentry>
 143     </para>
 144   </refsect1>
 145 </refentry>