[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu May 4 12:49:46 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
------- Comment #6 from fcusack at fcusack.com 2006-05-04 12:49 -------
> do_pam_account() sets force_pwchange and returns success if
> pam_account_mgmt returns PAM_NEW_AUTHTOK_REQD (but the code already
> checks for that) or returns a failure for any other non-success code.
I hadn't looked at do_pam_acct(), I only looked at the patch. So
without
enough context I mistook the effects of the patch. I did at least say
"looks like".
Thanks for the additional info, it sounds like the patch DTRT.
>> Also, if the account IS expired, the user should be given a chance
>> to update their password.
>
> If pam_acct_mgmt failed for any reason other than PAM_NEW_AUTHTOK_REQD
> then no, they shouldn't.
That's what I just said. Since the patch doesn't have the effect I
thought it
did, you can obviously ignore this comment.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list