[Bug 188] pam_chauthtok() is called too late
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Mar 28 02:50:25 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=188
------- Additional Comments From Nicolas.Williams at ubsw.com 2002-03-28 02:50 -------
Attached patch. This patch does the following:
- adds a boolean argument to do_pam_authenticate(), "can_age_pw_here"
- do_pam_authenticate() always calls pam_acct_mgmt() and saves the result
- do_pam_authenticate() calls pam_chauthtok()
IFF (can_age_pw_here && pam_acct_mgmt() == PAM_NEW_AUTHTOK_REQD)
- auth2_pam() calls do_pam_authenticate(0, 1) to allow password aging
during keyboard-interactive authentication
Cheers,
Nico
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list