[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
bugzilla-daemon at mindrot.org
Wed May 3 15:57:53 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
------- Comment #5 from dtucker at zip.com.au 2006-05-03 15:57 -------
(In reply to comment #4)
> PAM acct mgmt can fail for reasons other than password expiry. The
> patch looks like you assume this is the reason.

The patch is about *account* expiry not *password* expiry. Actually,
it's about any failures of pam_acct_mgmt that aren't password expiry.
do_pam_account() sets force_pwchange and returns success if
pam_acct_mgmt returns PAM_NEW_AUTHTOK_REQD (but the code already
checks for that) or returns a failure for any other non-success code.

> Also, if the account IS expired, the user should be given a chance
> to update their password.

If pam_acct_mgmt failed for any reason other than PAM_NEW_AUTHTOK_REQD
then no, they shouldn't.
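
The behaviour discussed in the comment above, as an added example: a simplified model of the decision, not OpenSSH's code and not part of the original message. The enum values, structs and the run_kbdint() loop are hypothetical stand-ins for the PAM result codes and the keyboard-interactive retry logic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for pam_acct_mgmt() results; a real build takes them from the PAM headers. */
enum acct_rc { ACCT_SUCCESS, ACCT_NEW_AUTHTOK_REQD, ACCT_EXPIRED, ACCT_PERM_DENIED };

struct attempt { bool auth_ok; enum acct_rc acct; };   /* one keyboard-interactive round */
struct outcome { bool accepted; bool force_pwchange; int rounds_used; };

/* Account check as the comment describes it: success on ACCT_SUCCESS, success
 * with force_pwchange set on ACCT_NEW_AUTHTOK_REQD, failure for anything else. */
static bool account_ok(enum acct_rc rc, bool *force_pwchange)
{
    if (rc == ACCT_NEW_AUTHTOK_REQD)
        *force_pwchange = true;
    return rc == ACCT_SUCCESS || rc == ACCT_NEW_AUTHTOK_REQD;
}

/* Hypothetical retry loop: a failed authentication may be retried up to
 * max_tries, but a failed account check ends the exchange immediately. */
struct outcome run_kbdint(const struct attempt *a, size_t n, int max_tries)
{
    struct outcome o = { false, false, 0 };
    for (size_t i = 0; i < n && o.rounds_used < max_tries; i++) {
        o.rounds_used++;
        if (!a[i].auth_ok)
            continue;                 /* bad response: another round is allowed */
        o.accepted = account_ok(a[i].acct, &o.force_pwchange);
        break;                        /* account verdict is final either way */
    }
    return o;
}

/* Constructed sample exchanges. */
const struct attempt EXPIRED_ACCOUNT[] = {
    { false, ACCT_SUCCESS }, { true, ACCT_EXPIRED }, { true, ACCT_SUCCESS } };
const struct attempt EXPIRED_PASSWORD[] = { { true, ACCT_NEW_AUTHTOK_REQD } };

int main(void)
{
    struct outcome o = run_kbdint(EXPIRED_ACCOUNT, 3, 3);
    printf("accepted=%d rounds_used=%d\n", o.accepted, o.rounds_used);
    return 0;
}
```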