2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. 2N/A * Function Declarations 2N/A * check_for_login_inactivity - Check for login inactivity 2N/A * Read the last login (ll) time 2N/A "pam_unix_acct: pam_sm_acct_mgmt: " 2N/A "can't obtain last login info on uid %d " 2N/A /* Check for login inactivity */ 2N/A * account inactive too long. 2N/A * and no update password set 2N/A * and no last pwd change date in shadow file 2N/A * and last pwd change more than inactive time 2N/A * then account inactive too long and no access. 2N/A * Account inactive for too long 2N/A * new_password_check() 2N/A * check to see if the user needs to change their password 2N/A * We want to make sure that we change the password only if 2N/A * passwords are required for the system, the user does not 2N/A * have a password, AND the user's NULL password can be changed 2N/A * according to its password aging information 2N/A * perform_passwd_aging_check 2N/A * - Check for password exipration. 2N/A * if (sp_lstchg == 0), the administrator has forced the 2N/A /* If password aging is disabled (or min>max), all is well */ 2N/A /* Password aging is enabled. See if the password has aged */ 2N/A /* Password has aged. Has it aged more than idledays ? */ 2N/A /* idledays is configured */ 2N/A /* password has aged more that allowed for by IDLEWEEKS */ 2N/A "Your password has been expired for too long."),
2N/A "Please contact the system administrator."),
2N/A * warn_user_passwd_will_expire - warn the user when the password will 2N/A "Your password will expire within 24 hours."));
2N/A "Your password will expire in 1 day."));
2N/A "Your password will expire in %d days."),
2N/A * pam_sm_acct_mgmt - main account managment routine. 2N/A * Returns: module error or specific error on failure 2N/A -
1, -
1, -
1, -
1, -
1, -
1, 0};
2N/A "ACCOUNT:pam_sm_acct_mgmt: illegal option %s",
2N/A "pam_unix_account: entering pam_sm_acct_mgmt()");
2N/A * First get the password information 2N/A * if repository is not files|nis, and user wants server_policy, 2N/A * we don't care about aging and hence return PAM_IGNORE 2N/A * Now get the aging information 2N/A "pam_unix_account: %s: permission denied " 2N/A "to access password aging information. " 2N/A "%s Policy:Unix, pw=%s, lstchg=%d, min=%d, max=%d, " 2N/A "warn=%d, inact=%d, expire=%d",
2N/A * Check for locked account 2N/A "pam_unix_account: %s attempting to validate locked " 2N/A "account %s from %s",
2N/A * Check for NULL password and, if so, see if such is allowed 2N/A "pam_unix_account: %s: empty password not allowed for " 2N/A * Check for account expiration 2N/A * Check for excessive login account inactivity 2N/A * Check to see if the user needs to change their password 2N/A * Check to make sure password aging information is okay 2N/A * Finally, warn the user if their password is about to expire. 2N/A * All done, return Success 2N/A "pam_unix_account: %s: %s",
2N/A /* store the password aging status in the pam handle */