PAM_UNIX_ACCOUNT(5) Standards, Environments, and Macros PAM_UNIX_ACCOUNT(5)


NAME


pam_unix_account - PAM account management module for UNIX

SYNOPSIS


pam_unix_account.so.1


DESCRIPTION


pam_unix_account module implements pam_sm_acct_mgmt(), which provides
functionality to the PAM account management stack. The module provides
functions to validate that the user's account is not locked or expired
and that the user's password does not need to be changed. The module
retrieves account information from the configured databases in
nsswitch.conf(4).


The following options can be passed to the module:

debug
syslog(3C) debugging information at the LOG_DEBUG level


nowarn
Turn off warning messages


server_policy
If the account authority for the user, as specified by
PAM_USER, is a server, do not apply the Unix policy from
the passwd entry in the name service switch.


ERRORS


The following values are returned:

PAM_UNIX_ACCOUNT
User account has expired


PAM_AUTHTOK_EXPIRED
Password expired and no longer usable


PAM_BUF_ERR
Memory buffer error


PAM_IGNORE
Ignore module, not participating in result


PAM_NEW_AUTHTOK_REQD
Obtain new authentication token from the user


PAM_PERM_DENIED
The account is locked or has been inactive for
too long


PAM_SERVICE_ERR
Error in underlying service module


PAM_SUCCESS
The account is valid for use at this time


PAM_USER_UNKNOWN
No account is present for the user


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+

SEE ALSO


pam(3PAM), pam_authenticate(3PAM), syslog(3C), libpam(3LIB), pam.conf(4),
nsswitch.conf(4), attributes(5)

NOTES


The interfaces in libpam(3LIB) are MT-Safe only if each thread within the
multi-threaded application uses its own PAM handle.


Attempts to validate locked accounts are logged via syslog(3C) to the
LOG_AUTH facility with a LOG_NOTICE severity.


February 14, 2005 PAM_UNIX_ACCOUNT(5)