pam: bring back pam's account management implementation

[dorileo]

With this change users can get back to using these pam modules for their own custom pam configurations in a way to differentiate oslogin users (i.e. reported issue #123).

PS: These modules will not be automatically added to google's managed pam configurations by guest-agent.

[google-oss-prow[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dorileo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/GoogleCloudPlatform/guest-oslogin/blob/master/OWNERS)~~ [dorileo] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[dorileo]

/hold

[dorileo]

Is there a matching change to the Guest Agent? How will this PAM module be installed and managed?

The answer is in the commit message but I agree it's worth mentioning in the code:

With this change users can get back to using these pam modules for their own custom pam configurations in a way to differentiate oslogin users (i.e. reported issue https://github.com/GoogleCloudPlatform/guest-oslogin/issues/123). PS: These modules will not be automatically added to google's managed pam configurations by guest-agent.

[dorileo]

@ericdand

I added documentation to each of the functions mentioning the intended usage and that Guest Agent will not manage it's configuration. As to the other comments I resolved them since they don't apply.

Thanks, Leo

[ericdand]

Nice, that doc comment is great and clarifies a lot. I left a little note about the error messages in review; otherwise LGTM.

[ericdand]

/lgtm

[dorileo]

/unhold