The pam_acct_mgmt function is used to determine if the user's account
is valid. It checks for authentication token and account expiration
and verifies access restrictions. It is typically called after the
user has been authenticated.
The pamh argument is an authentication handle obtained by a prior
call to pam_start(). The flags argument is the binary or of zero or
more of the following values:
Do not emit any messages.
The PAM module service should return PAM_NEW_AUTHTOK_REQD if the
user has a null authentication token.
User account has expired.
The user account is valid but their authentication token is
expired. The correct response to this return-value is to require
that the user satisfies the pam_chauthtok() function before
obtaining service. It may not be possible for some applications
to do this. In such cases, the user should be denied access until
such time as they can update their password.
The authentication token was successfully updated.
User unknown to password service.
This page is part of the linux-pam (Pluggable Authentication Modules
for Linux) project. Information about the project can be found at
⟨https://fedorahosted.org/linux-pam/⟩. If you have a bug report for
this manual page, see ⟨https://fedorahosted.org/linux-pam/report⟩.
This page was obtained from the tarball Linux-PAM-1.3.0.tar.gz
fetched from ⟨http://www.linux-pam.org/library/⟩ on 2017-03-13. If
you discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for the
page, or you have corrections or improvements to the information in
this COLOPHON (which is not part of the original manual page), send a
mail to email@example.com
Linux-PAM Manual 04/01/2016 PAM_ACCT_MGMT(3)