xref: /illumos-gate/usr/src/man/man7/pam_unix_account.7 (revision 10a40e179c111088c21d8e895198ac95dcb83d14) 
 te
 Copyright (C) 2003, Sun Microsystems, Inc.
 All Rights Reserved
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 PAM_UNIX_ACCOUNT 7 "August 19, 2023"
 NAME
pam_unix_account - PAM account management module for UNIX

 SYNOPSIS
pam_unix_account.so.1




 DESCRIPTION
The pam_unix_account module implements pam_sm_acct_mgmt(3PAM), which
provides functionality to the PAM account management stack. The module
provides functions to validate that the user's account is not locked or expired
and that the user's password does not need to be changed. The module retrieves
account information from the configured databases in nsswitch.conf(5).


The following options can be passed to the module:
debug


syslog(3C) debugging information at the LOG_DEBUG level



nowarn


Turn off warning messages



server_policy


If the account authority for the user, as specified by PAM_USER, is a
server, do not apply the Unix policy from the passwd entry in the name service
switch.




 ERRORS
The following values are returned:
PAM_ACCT_EXPIRED


User account has expired



PAM_AUTHTOK_EXPIRED


Password expired and no longer usable



PAM_BUF_ERR


Memory buffer error



PAM_IGNORE


Ignore module, not participating in result



PAM_NEW_AUTHTOK_REQD


Obtain new authentication token from the user



PAM_PERM_DENIED


The account is locked or has been inactive for too long



PAM_SERVICE_ERR


Error in underlying service module



PAM_SUCCESS


The account is valid for use at this time



PAM_USER_UNKNOWN


No account is present for the user




 ATTRIBUTES
See attributes(7) for descriptions of the following attributes:






ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
MT Level MT-Safe with exceptions



 SEE ALSO
 syslog (3C),  libpam (3LIB),  pam (3PAM),  pam_authenticate (3PAM),  pam_sm_acct_mgmt (3PAM),  nsswitch.conf (5),  pam.conf (5),  attributes (7) 
 NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the
multi-threaded application uses its own PAM handle.


Attempts to validate locked accounts are logged via syslog(3C) to the
LOG_AUTH facility with a LOG_NOTICE severity.