Test for locked account in auth.c (bug #442).

Darren Tucker dtucker at zip.com.au
Tue Jan 7 22:01:47 EST 2003


Hi Damien,
	I noticed you merged a couple of ifdefs in the fix for bug #442. The
cvs comment says "Fix Bug #442 for PAM case".  The code is now roughly:

#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
    !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
        spw = getspnam(pw->pw_name);
        passwd = spw->sp_pwdp;
#else
        passwd = pw->pw_passwd;
#endif
	[test for locked passwd entry]

	If the platform is using PAM, /etc/passwd is checked regardless of
whether or not it actually has /etc/shadow.

	If the platform has /etc/shadow but doesn't have shadow expiry then the
/etc/passwd entry will be checked rather than the /etc/shadow one.

	Is this correct or have I overlooked something?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



More information about the openssh-unix-dev mailing list