PAM Library Functions pamsmacctmgmt(3PAM)
NAME
pamsmacctmgmt - service provider implementation for
pamacctmgmt
SYNOPSIS
cc [ flag ... ] file ... -lpam [ library ... ]
#include
#include
int pamsmacctmgmt(pamhandlet *pamh, int flags, int argc,
const char **argv);
DESCRIPTION
In response to a call to pamacctmgmt(3PAM), the PAM
framework calls pamsmacctmgmt() from the modules listed
in the pam.conf(4) file. The account management provider
supplies the back-end functionality for this interface func-
tion. Applications should not call this API directly.
The pamsmacctmgmt() function determines whether or not
the current user's account and password are valid. This
includes checking for password and account expiration, and
valid login times. The user in question is specified by a
prior call to pamstart(), and is referenced by the authen-
tication handle, pamh, which is passed as the first argument
to pamsmacctmgmt(). The following flags may be set in the
flags field:
PAMSILENT The account management service
should not generate any mes-
sages.
PAMDISALOWNULAUTHTOK The account management service
should return
PAMNEWAUTHTOKREQD if the
user has a null authentication
token.
The argc argument represents the number of module options
passed in from the configuration file pam.conf(4). argv
specifies the module options, which are interpreted and pro-
cessed by the account management service. Please refer to
the specific module man pages for the various available
options. If an unknown option is passed to the module, an
error should be logged through syslog(3C) and the option
SunOS 5.11 Last change: 18 Nov 2003 1
PAM Library Functions pamsmacctmgmt(3PAM)
ignored.
If an account management module determines that the user
password has aged or expired, it should save this informa-
tion as state in the authentication handle, pamh, using
pamsetdata(). pamchauthok() uses this information to
determine which passwords have expired.
RETURN VALUES
If there are no restrictions to logging in, PAMSUCES is
returned. The following error values may also be returned
upon error:
PAMUSERUNKNOWN User not known to underlying authen-
tication module.
PAMNEWAUTHTOKREQD New authentication token required.
PAMACTEXPIRED User account has expired.
PAMPERMDENIED User denied access to account at
this time.
PAMIGNORE Ignore underlying account module
regardless of whether the control
flag is required, optional or suffi-
cient.
ATRIBUTES
See attributes(5) for description of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Interface Stability Stable
MT-Level MT-Safe with exceptions
SEE ALSO
pam(3PAM), pamacctmgmt(3PAM), pamsetdata(3PAM),
pamstart(3PAM), syslog(3C), libpam(3LIB), pam.conf(4),
SunOS 5.11 Last change: 18 Nov 2003 2
PAM Library Functions pamsmacctmgmt(3PAM)
attributes(5)
NOTES
The interfaces in libpam are MT-Safe only if each thread
within the multithreaded application uses its own PAM han-
dle.
If the PAMREPOSITORY itemtype is set and a service module
does not recognize the type, the service module does not
process any information, and returns PAMIGNORE. If the
PAMREPOSITORY itemtype is not set, a service module per-
forms its default action.
SunOS 5.11 Last change: 18 Nov 2003 3
|
