--with-pam questions...
Toomas Soome
tsoome at ut.ee
Mon May 14 18:27:37 GMT 2001
at first - PAM_NEW_AUTHTOK_REQD response is handled as default, why not as
like PAM_AUTHTOK_EXPIRED ? fix:
Index: pampass.c
===================================================================
RCS file: /cvsroot/samba/source/passdb/pampass.c,v
retrieving revision 1.1.2.25
diff -u -r1.1.2.25 pampass.c
--- pampass.c 9 May 2001 21:14:42 -0000 1.1.2.25
+++ pampass.c 14 May 2001 18:16:42 -0000
@@ -445,6 +445,7 @@
DEBUG(4,("smb_pam_account: PAM: Account Management for User:
%s\n", user));
pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account
enabled? */
switch( pam_error ) {
+ case PAM_NEW_AUTHTOK_REQD:
case PAM_AUTHTOK_EXPIRED:
DEBUG(2, ("smb_pam_account: PAM: User %s is valid but password is expired\n", user));
nt_status = NT_STATUS_PASSWORD_EXPIRED;
another problem -- am I correct that NT_STATUS_PASSWORD_EXPIRED will cause
login to be denied? I had chance to try smbclient, but not any other
client... if so, how bad idea is to enable logins with
NT_STATUS_PASSWORD_EXPIRED (with smb.conf option?)?
toomas
--
The famous politician was trying to save both his faces.
More information about the samba-technical
mailing list