2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License, Version 1.0 only 2N/A * (the "License"). You may not use this file except in compliance 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 2N/A * Use is subject to license terms. 2N/A#
pragma ident "%Z%%M% %I% %E% SMI" 2N/A * warn_user_passwd_will_expire - warn the user when the password will 2N/A "Your password will expire within one hour."));
2N/A "Your password will expire in %d hours."),
2N/A "Your password will expire in %d days."),
2N/A * display_acct_unlock_time - Display the time left for the account to 2N/A * get auto unlocked after the maximum login failures has reached. 2N/A /* Account is locked forever */ 2N/A "Your account is locked, please contact administrator."));
2N/A "Your account is locked and will be unlocked" 2N/A " within one hour."));
2N/A "Your account is locked and will be unlocked" 2N/A "Your account is locked and will be unlocked" 2N/A * warn_user_passwd_expired - warn the user that the password has expired 2N/A "Your password has expired. " 2N/A "Number of grace logins allowed are %d."),
2N/A "Your password has expired."));
2N/A * display_passwd_reset_msg - tell user that password has been reset by 2N/A "Your password has been reset by administrator."));
2N/A * Retreives account management related attributes for the user using 2N/A * default binding and does local account checks . 2N/A * Return Value: PAM_SUCCESS - If account is valid, seconds param will have 2N/A * seconds left for password to expire 2N/A * PAM_ACCT_EXPIRED - If account is inactive 2N/A * PAM_NEW_AUTHTOK_REQD - Password is reset by admin 2N/A * PAM_AUTHTOK_EXPIRED - User password has expired, grace 2N/A * param will have no. of grace logins allowed 2N/A * PAM_MAXTRIES - If maximum failure of wrong password has reached 2N/A * seconds param will have no. of seconds for the 2N/A * account to get unlocked 2N/A * PAM_AUTH_ERR - Failure return code 2N/A /* get the values for local account checking */ 2N/A "__ns_ldap_getAcctMgmt() failed for %s with error %d",
2N/A /* should be able to login */ 2N/A /* entry inactive */ 2N/A /* password reset by administrator */ 2N/A * password expired, check for grace logins. 2N/A /* max failures reached, seconds before unlock */ 2N/A * pam_sm_acct_mgmt main account managment routine. 2N/A * This routine relies on the LDAP 2N/A * directory server to provide the 2N/A * password aging and account lockout 2N/A * information. This is done by first 2N/A * trying to authenticate the user and 2N/A * then checking the password status 2N/A * Returns: module error or specific 2N/A "pam_ldap pam_sm_acct_mgmt: " 2N/A "illegal option %s",
2N/A "ldap pam_sm_acct_mgmt(%s), flags = %x %s",
2N/A /* retrieve the password from the PAM handle */ 2N/A /* Do local account checking */ 2N/A /* Try to authenticate to get password management info */ 2N/A * process the password management info. 2N/A * If user needs to change the password immediately, 2N/A * just return the rc. 2N/A * Otherwise, reset rc to the appropriate PAM error or 2N/A * warn the user about password expiration. 2N/A /* exceed retry limit, denied access to account */ 2N/A /* account is inactivated */ 2N/A /* password expired, check for grace logins */ 2N/A /* password has been reset by administrator */ 2N/A * warn the user if the password 2N/A * is about to expire. 2N/A /* store the password aging status in the pam handle */