1 - login omits pam_acct_mgmt & pam_chauthtok when authentication is skipped
3 --- util-linux-2.13-pre6/login-utils/login.c.acct 2006-02-22 21:43:03.000000000 +0100
4 +++ util-linux-2.13-pre6/login-utils/login.c 2006-02-22 21:57:55.000000000 +0100
6 pam_end(pamh, retcode);
11 - retcode = pam_acct_mgmt(pamh, 0);
13 - if(retcode == PAM_NEW_AUTHTOK_REQD) {
14 - retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
17 + * Authentication may be skipped (for example, during krlogin, rlogin, etc...),
18 + * but it doesn't mean that we can skip other account checks. The account
19 + * could be disabled or password expired (althought kerberos ticket is valid).
20 + * -- kzak@redhat.com (22-Feb-2006)
22 + retcode = pam_acct_mgmt(pamh, 0);
25 + if(retcode == PAM_NEW_AUTHTOK_REQD) {
26 + retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
32 * Grab the user information out of the password file for future usage
33 * First get the username that we are actually using, though.