te
Copyright (C) 2003, Sun Microsystems, Inc.
All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
pam_unix_account - PAM account management module for UNIX

pam_unix_account.so.1

pam_unix_account module implements pam_sm_acct_mgmt(), which provides functionality to the PAM account management stack. The module provides functions to validate that the user's account is not locked or expired and that the user's password does not need to be changed. The module retrieves account information from the configured databases in nsswitch.conf(5).

The following options can be passed to the module: debug

nowarn server_policy

The following values are returned: PAM_UNIX_ACCOUNT

PAM_AUTHTOK_EXPIRED PAM_BUF_ERR PAM_IGNORE PAM_NEW_AUTHTOK_REQD PAM_PERM_DENIED PAM_SERVICE_ERR PAM_SUCCESS PAM_USER_UNKNOWN

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE

Interface Stability Evolving

MT Level MT-Safe with exceptions

syslog (3C), libpam (3LIB), pam (3PAM), pam_authenticate (3PAM), nsswitch.conf (5), pam.conf (5), attributes (7)

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

Attempts to validate locked accounts are logged via syslog(3C) to the LOG_AUTH facility with a LOG_NOTICE severity.