projects / packages / util-linux.git / blame
| Commit | Line | Data |
|---|---|---|
| 5545a732 JR |
1 | - login omits pam_acct_mgmt & pam_chauthtok when authentication is skipped |
| 2 | ||
| 3 | --- util-linux-2.13-pre6/login-utils/login.c.acct 2006-02-22 21:43:03.000000000 +0100 | |
| 4 | +++ util-linux-2.13-pre6/login-utils/login.c 2006-02-22 21:57:55.000000000 +0100 | |
| 5 | @@ -602,16 +602,22 @@ | |
| 6 | pam_end(pamh, retcode); | |
| 7 | exit(0); | |
| 8 | } | |
| 9 | + } | |
| 10 | ||
| 11 | - retcode = pam_acct_mgmt(pamh, 0); | |
| 12 | - | |
| 13 | - if(retcode == PAM_NEW_AUTHTOK_REQD) { | |
| 14 | - retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); | |
| 15 | - } | |
| 16 | + /* | |
| 17 | + * Authentication may be skipped (for example, during krlogin, rlogin, etc...), | |
| 18 | + * but it doesn't mean that we can skip other account checks. The account | |
| 19 | + * could be disabled or password expired (althought kerberos ticket is valid). | |
| 20 | + * -- kzak@redhat.com (22-Feb-2006) | |
| 21 | + */ | |
| 22 | + retcode = pam_acct_mgmt(pamh, 0); | |
| 23 | ||
| 24 | - PAM_FAIL_CHECK; | |
| 25 | + if(retcode == PAM_NEW_AUTHTOK_REQD) { | |
| 26 | + retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); | |
| 27 | } | |
| 28 | ||
| 29 | + PAM_FAIL_CHECK; | |
| 30 | + | |
| 31 | /* | |
| 32 | * Grab the user information out of the password file for future usage | |
| 33 | * First get the username that we are actually using, though. |