illumos: manual page: pam_unix

PAM_UNIX_ACCOUNT(7) Device and Network Interfaces PAM_UNIX_ACCOUNT(7)

NAME

pam_unix_account - PAM account management module for UNIX

SYNOPSIS

pam_unix_account.so.1

DESCRIPTION

pam_unix_account module implements pam_sm_acct_mgmt(), which provides
functionality to the PAM account management stack. The module provides
functions to validate that the user's account is not locked or expired
and that the user's password does not need to be changed. The module
retrieves account information from the configured databases in
nsswitch.conf(5).

The following options can be passed to the module:

debug
syslog(3C) debugging information at the LOG_DEBUG level

nowarn
Turn off warning messages

server_policy
If the account authority for the user, as specified by
PAM_USER, is a server, do not apply the Unix policy from
the passwd entry in the name service switch.

ERRORS

The following values are returned:

PAM_UNIX_ACCOUNT
User account has expired

PAM_AUTHTOK_EXPIRED
Password expired and no longer usable

PAM_BUF_ERR
Memory buffer error

PAM_IGNORE
Ignore module, not participating in result

PAM_NEW_AUTHTOK_REQD
Obtain new authentication token from the user

PAM_PERM_DENIED
The account is locked or has been inactive for
too long

PAM_SERVICE_ERR
Error in underlying service module

PAM_SUCCESS
The account is valid for use at this time

PAM_USER_UNKNOWN
No account is present for the user

ATTRIBUTES

NOTES