PAM_UNIX_ACCOUNT(7) Standards, Environments, and Macros PAM_UNIX_ACCOUNT(7)
pam_unix_account - PAM account management module for UNIX
pam_unix_account.so.1
The pam_unix_account module implements pam_sm_acct_mgmt(3PAM), which
provides functionality to the PAM account management stack. The
module provides functions to validate that the user's account is not
locked or expired and that the user's password does not need to be
changed. The module retrieves account information from the configured
databases in nsswitch.conf(5).
The following options can be passed to the module:
debug
syslog(3C) debugging information at the LOG_DEBUG
level
nowarn
Turn off warning messages
server_policy
If the account authority for the user, as specified
by PAM_USER, is a server, do not apply the Unix
policy from the passwd entry in the name service
switch.
The following values are returned:
PAM_ACCT_EXPIRED
User account has expired
PAM_AUTHTOK_EXPIRED
Password expired and no longer usable
PAM_BUF_ERR
Memory buffer error
PAM_IGNORE
Ignore module, not participating in result
PAM_NEW_AUTHTOK_REQD
Obtain new authentication token from the user
PAM_PERM_DENIED
The account is locked or has been inactive
for too long
PAM_SERVICE_ERR
Error in underlying service module
PAM_SUCCESS
The account is valid for use at this time
PAM_USER_UNKNOWN
No account is present for the user
See attributes(7) for descriptions of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+
syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM),
pam_sm_acct_mgmt(3PAM), nsswitch.conf(5), pam.conf(5), attributes(7)
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
Attempts to validate locked accounts are logged via syslog(3C) to the
LOG_AUTH facility with a LOG_NOTICE severity.
August 19, 2023 PAM_UNIX_ACCOUNT(7)
NAME
pam_unix_account - PAM account management module for UNIX
SYNOPSIS
pam_unix_account.so.1
DESCRIPTION
The pam_unix_account module implements pam_sm_acct_mgmt(3PAM), which
provides functionality to the PAM account management stack. The
module provides functions to validate that the user's account is not
locked or expired and that the user's password does not need to be
changed. The module retrieves account information from the configured
databases in nsswitch.conf(5).
The following options can be passed to the module:
debug
syslog(3C) debugging information at the LOG_DEBUG
level
nowarn
Turn off warning messages
server_policy
If the account authority for the user, as specified
by PAM_USER, is a server, do not apply the Unix
policy from the passwd entry in the name service
switch.
ERRORS
The following values are returned:
PAM_ACCT_EXPIRED
User account has expired
PAM_AUTHTOK_EXPIRED
Password expired and no longer usable
PAM_BUF_ERR
Memory buffer error
PAM_IGNORE
Ignore module, not participating in result
PAM_NEW_AUTHTOK_REQD
Obtain new authentication token from the user
PAM_PERM_DENIED
The account is locked or has been inactive
for too long
PAM_SERVICE_ERR
Error in underlying service module
PAM_SUCCESS
The account is valid for use at this time
PAM_USER_UNKNOWN
No account is present for the user
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+
SEE ALSO
syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM),
pam_sm_acct_mgmt(3PAM), nsswitch.conf(5), pam.conf(5), attributes(7)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
Attempts to validate locked accounts are logged via syslog(3C) to the
LOG_AUTH facility with a LOG_NOTICE severity.
August 19, 2023 PAM_UNIX_ACCOUNT(7)