--with-pam questions...

Toomas Soome tsoome at ut.ee
Mon May 14 18:27:37 GMT 2001

at first - PAM_NEW_AUTHTOK_REQD response is handled as default, why not as

Index: pampass.c
RCS file: /cvsroot/samba/source/passdb/pampass.c,v
retrieving revision
diff -u -r1.1.2.25 pampass.c
--- pampass.c   9 May 2001 21:14:42 -0000
+++ pampass.c   14 May 2001 18:16:42 -0000
@@ -445,6 +445,7 @@
        DEBUG(4,("smb_pam_account: PAM: Account Management for User:
%s\n", user));
        pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account
enabled? */
        switch( pam_error ) {
+               case PAM_NEW_AUTHTOK_REQD:
                case PAM_AUTHTOK_EXPIRED:
                        DEBUG(2, ("smb_pam_account: PAM: User %s is valid but password is expired\n", user));
                        nt_status = NT_STATUS_PASSWORD_EXPIRED;

another problem -- am I correct that NT_STATUS_PASSWORD_EXPIRED will cause
login to be denied? I had chance to try smbclient, but not any other
client... if so, how bad idea is to enable logins with
NT_STATUS_PASSWORD_EXPIRED (with smb.conf option?)?

The famous politician was trying to save both his faces.

More information about the samba-technical mailing list