rpms / util-linux

Clone
Source Code
GIT

Files

  1.   ea6a7f507540715f9633316009f3b81add9485e0
  2.   util-linux-2.13-login-pam-acct.patch
Blob Blame History Raw 
--- util-linux-2.13-pre6/login-utils/login.c.acct	2006-02-22 21:43:03.000000000 +0100
+++ util-linux-2.13-pre6/login-utils/login.c	2006-02-22 21:57:55.000000000 +0100
@@ -602,16 +602,22 @@
 	    pam_end(pamh, retcode);
 	    exit(0);
 	}
+    }
 
-	retcode = pam_acct_mgmt(pamh, 0);
-
-	if(retcode == PAM_NEW_AUTHTOK_REQD) {
-	    retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-	}
+    /*
+     * Authentication may be skipped (for example, during krlogin, rlogin, etc...), 
+     * but it doesn't mean that we can skip other account checks. The account 
+     * could be disabled or password expired (althought kerberos ticket is valid).
+     * -- kzak@redhat.com (22-Feb-2006)
+     */
+    retcode = pam_acct_mgmt(pamh, 0);
 
-	PAM_FAIL_CHECK;
+    if(retcode == PAM_NEW_AUTHTOK_REQD) {
+        retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
     }
 
+    PAM_FAIL_CHECK;
+
     /*
      * Grab the user information out of the password file for future usage
      * First get the username that we are actually using, though.
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.