[Bug 188] pam_chauthtok() is called too late

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Mar 28 02:50:25 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=188





------- Additional Comments From Nicolas.Williams at ubsw.com  2002-03-28 02:50 -------
Attached patch. This patch does the following:

 - adds a boolean argument to do_pam_authenticate(), "can_age_pw_here"
 - do_pam_authenticate() always calls pam_acct_mgmt() and saves the result
 - do_pam_authenticate() calls pam_chauthtok()
   IFF (can_age_pw_here && pam_acct_mgmt() == PAM_NEW_AUTHTOK_REQD)
 - auth2_pam() calls do_pam_authenticate(0, 1) to allow password aging
   during keyboard-interactive authentication

Cheers,

Nico



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-unix-dev mailing list