[sudo-workers] ldap and password
Todd C. Miller
Todd.Miller at courtesan.com
Fri Aug 20 11:16:53 EDT 2004
In message <200408201546.13469.news at rennings.net>
so spake Markus Rennings (news):
> Ah, ok, but do you know any workaround? I have no expiration date in my ldap,
> so I don't know why pam returns _EXPIRED. As I said in my last mail login
> works as expected - therefore I think my pam works with ldap.
You can back out revision 1.43 of auth/pam.c and pam_acct_mgmt()
will not be called.
- todd
Index: pam.c
===================================================================
RCS file: /home/cvs/courtesan/sudo/auth/pam.c,v
retrieving revision 1.43
retrieving revision 1.42
diff -u -r1.43 -r1.42
--- pam.c 28 Jun 2004 14:51:50 -0000 1.43
+++ pam.c 7 Jun 2004 00:02:56 -0000 1.42
@@ -116,32 +116,7 @@
*pam_status = pam_authenticate(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
- *pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
- switch (*pam_status) {
- case PAM_SUCCESS:
- return(AUTH_SUCCESS);
- case PAM_AUTH_ERR:
- log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %d",
- *pam_status);
- return(AUTH_FAILURE);
- case PAM_NEW_AUTHTOK_REQD:
- log_error(NO_EXIT|NO_MAIL, "%s, %s"
- "Account or password is expired",
- "reset your password and try again");
- *pam_status = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
- if (*pam_status == PAM_SUCCESS)
- return(AUTH_SUCCESS);
- if ((s = pam_strerror(pamh, *pam_status)))
- log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s",s);
- return(AUTH_FAILURE);
- case PAM_ACCT_EXPIRED:
- log_error(NO_EXIT|NO_MAIL, "%s, %s"
- "Account or password is expired",
- "contact your system administrator");
- /* FALLTHROUGH */
- default:
- return(AUTH_FAILURE);
- }
+ return(AUTH_SUCCESS);
case PAM_AUTH_ERR:
case PAM_MAXTRIES:
return(AUTH_FAILURE);
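Review bot: in the PAM_SUCCESS case, `return(AUTH_SUCCESS);` now follows pam_authenticate() directly, so with pam_acct_mgmt() gone sudo no longer consults the PAM account stack, and an account that is expired or otherwise restricted but can still authenticate will be accepted. Treat the revert as a temporary local workaround and find out why the account module returns an expired status for an LDAP entry with no expiration date, rather than carrying this change. Separately, if 1.43 is reinstated, both removed log_error() calls are missing a comma after "%s, %s": the adjacent string literals concatenate into a single format string with two %s conversions while only one argument is passed, which is undefined behavior.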