[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

Technical Reference: Base Operating System and Extensions, Volume 1

ckuseracct Subroutine


Checks the validity of a user account.


Security Library (libc.a)


#include <login.h>

int ckuseracct ( Name Mode TTY)
char *Name;
int Mode;
char *TTY;


Note: This subroutine is obsolete and is provided only for backwards compatibility. Use the loginrestrictions subroutine, which performs a superset of the functions of the ckuseracct subroutine, instead.

The ckuseracct subroutine checks the validity of the user account specified by the Name parameter. The Mode parameter gives the mode of the account usage, and the TTY parameter defines the terminal being used for the access. The ckuseracct subroutine checks for the following conditions:

The Mode parameter specifies other mode-specific checks.


Name Specifies the login name of the user whose account is to be validated.
Mode Specifies the manner of usage. Valid values as defined in the login.h file are listed below. The Mode parameter must be one of these or 0:

Verifies that local logins are permitted for this account.

Verifies that the su command is permitted and that the current process has a group ID that can invoke the su command to switch to the account.

Verifies the account can be used to invoke daemon or batch programs using the src or cron subsystems.

Verifies the account can be used for remote logins using the rlogind or telnetd programs.
TTY Specifies the terminal of the originating activity. If this parameter is a null pointer or a null string, no TTY origin checking is done.


Files Accessed:  

Mode File
r /etc/passwd
r /etc/security/user

Return Values

If the account is valid for the specified usage, the ckuseracct subroutine returns a value of 0. Otherwise, a value of -1 is returned and the errno global variable is set to the appropriate error code.

Error Codes

The ckuseracct subroutine fails if one or more of the following are true:

ENOENT The user specified in the Name parameter does not have an account.
ESTALE The user's account is expired.
EACCES The specified terminal does not have access to the specified account.
EACCES The Mode parameter is S_SU, and the current process is not permitted to use the su command to access the specified user.
EACCES Access to the account is not permitted in the specified Mode.
EINVAL The Mode parameter is not one of S_LOGIN, S_SU, S_DAEMON, S_RLOGIN.

Implementation Specifics

This subroutine is part of Base Operating System (BOS) Runtime.

Related Information

The ckuserID (ckuserID Subroutine) subroutine, getpcred (getpcred Subroutine) subroutine, getpenv (getpenv Subroutine) subroutine, setpcred subroutine, setpenv subroutine.

The login command, rlogin command, su command, telnet command.

The cron daemon.

List of Security and Auditing Subroutines and Subroutines Overview in AIX 5L Version 5.1 General Programming Concepts: Writing and Debugging Programs.

[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]