PAM_UNIX_ACCOUNT(7) Standards, Environments, and Macros PAM_UNIX_ACCOUNT(7)
NAME
pam_unix_account - PAM account management module for UNIX
SYNOPSIS
pam_unix_account.so.1DESCRIPTION
The
pam_unix_account module implements
pam_sm_acct_mgmt(3PAM), which
provides functionality to the
PAM account management stack. The module
provides functions to validate that the user's account is not locked or
expired and that the user's password does not need to be changed. The
module retrieves account information from the configured databases in
nsswitch.conf(5).
The following options can be passed to the module:
debug syslog(3C) debugging information at the
LOG_DEBUG level
nowarn Turn off warning messages
server_policy If the account authority for the user, as specified by
PAM_USER, is a server, do not apply the Unix policy from
the passwd entry in the name service switch.
ERRORS
The following values are returned:
PAM_ACCT_EXPIRED User account has expired
PAM_AUTHTOK_EXPIRED Password expired and no longer usable
PAM_BUF_ERR Memory buffer error
PAM_IGNORE Ignore module, not participating in result
PAM_NEW_AUTHTOK_REQD Obtain new authentication token from the user
PAM_PERM_DENIED The account is locked or has been inactive for
too long
PAM_SERVICE_ERR Error in underlying service module
PAM_SUCCESS The account is valid for use at this time
PAM_USER_UNKNOWN No account is present for the user
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+
SEE ALSO
syslog(3C),
libpam(3LIB),
pam(3PAM),
pam_authenticate(3PAM),
pam_sm_acct_mgmt(3PAM),
nsswitch.conf(5),
pam.conf(5),
attributes(7)NOTES
The interfaces in
libpam(3LIB) are MT-Safe only if each thread within the
multi-threaded application uses its own PAM handle.
Attempts to validate locked accounts are logged via
syslog(3C) to the
LOG_AUTH facility with a
LOG_NOTICE severity.
August 19, 2023
PAM_UNIX_ACCOUNT(7)