Test for locked account in auth.c (bug #442).
Darren Tucker
dtucker at zip.com.au
Tue Jan 7 22:01:47 EST 2003
Hi Damien,
I noticed you merged a couple of ifdefs in the fix for bug #442. The
cvs comment says "Fix Bug #442 for PAM case". The code is now roughly:
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
spw = getspnam(pw->pw_name);
passwd = spw->sp_pwdp;
#else
passwd = pw->pw_passwd;
#endif
[test for locked passwd entry]
If the platform is using PAM, /etc/passwd is checked regardless of
whether or not it actually has /etc/shadow.
If the platform has /etc/shadow but doesn't have shadow expiry then the
/etc/passwd entry will be checked rather than the /etc/shadow one.
Is this correct or have I overlooked something?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list