'\" te
.\" Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
.TH pam_acct_mgmt 3PAM "13 Oct 1998" "SunOS 5.11" "PAM Library Functions"
.SH NAME
pam_acct_mgmt \- perform PAM account validation procedures
.SH SYNOPSIS
.LP
.nf
\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lpam\fR [ \fIlibrary\fR ... ]
#include <security/pam_appl.h>

\fBint\fR \fBpam_acct_mgmt\fR(\fBpam_handle_t *\fR\fIpamh\fR, \fBint\fR \fIflags\fR);
.fi

.SH DESCRIPTION
.sp
.LP
The \fBpam_acct_mgmt()\fR function is called to determine if the current authenticated user's account is valid. This includes the following checks:
.RS +4
.TP
.ie t \(bu
.el o
Password expiry
.RE
.RS +4
.TP
.ie t \(bu
.el o
If the password needs to be changed
.RE
.RS +4
.TP
.ie t \(bu
.el o
Account expiry
.RE
.RS +4
.TP
.ie t \(bu
.el o
Account inactivity
.RE
.RS +4
.TP
.ie t \(bu
.el o
If the account is locked
.RE
.RS +4
.TP
.ie t \(bu
.el o
The \fB/etc/nologin\fR file is not present for non-root users (see \fBnologin\fR(4))
.RE
.sp
.LP
The \fBpam_acct_mgmt()\fR function is typically called after the user has been authenticated with \fBpam_authenticate\fR(3PAM).
.sp
.LP
The \fIpamh\fR argument is an authentication handle obtained by a prior call to \fBpam_start()\fR. The following flags may be set in the \fIflags\fR field:
.sp
.ne 2
.mk
.na
\fB\fBPAM_SILENT\fR\fR
.ad
.RS 29n
.rt  
The account management service should not generate any messages.
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_DISALLOW_NULL_AUTHTOK\fR\fR
.ad
.RS 29n
.rt  
The account management service should return \fBPAM_NEW_AUTHTOK_REQD\fR if the user has a null authentication token.
.RE

.SH RETURN VALUES
.sp
.LP
Upon successful completion,  \fBPAM_SUCCESS\fR is returned. In addition to the error return values described in \fBpam\fR(3PAM), the following values may be returned:
.sp
.ne 2
.mk
.na
\fB\fBPAM_USER_UNKNOWN\fR\fR
.ad
.RS 24n
.rt  
User not known to underlying account management module.
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_AUTH_ERR\fR\fR
.ad
.RS 24n
.rt  
Authentication failure.
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_NEW_AUTHTOK_REQD\fR\fR
.ad
.RS 24n
.rt  
New authentication token required. This is normally returned if the machine security policies require that the password should be changed because the password is  \fBNULL\fR or has aged.
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_ACCT_EXPIRED\fR\fR
.ad
.RS 24n
.rt  
User account has expired.
.RE

.sp
.ne 2
.mk
.na
\fB\fBPAM_LOGINS_DISABLED\fR\fR
.ad
.RS 24n
.rt  
Logins for non-root users are disabled due to the presence of the \fB/etc/nologin\fR file. See \fBnologin\fR(4)
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for description of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Interface StabilityCommitted
_
MT-LevelMT-Safe with exceptions
.TE

.SH SEE ALSO
.sp
.LP
\fBpam\fR(3PAM), \fBpam_authenticate\fR(3PAM), \fBpam_start\fR(3PAM), \fBlibpam\fR(3LIB), \fBattributes\fR(5)
.SH NOTES
.sp
.LP
The interfaces in  \fBlibpam\fR are MT-Safe only if each thread within the multithreaded application uses its own \fBPAM\fR handle.