[PATCH] pam: map more NT password errors to PAM errors
Jeremy Allison
jra at samba.org
Fri Dec 9 22:45:35 UTC 2016
On Thu, Dec 08, 2016 at 07:05:42PM +0100, Björn Jacke wrote:
On 2016-12-09 at 06:59 +1300 Andrew Bartlett sent off:
> > On Thu, 2016-12-08 at 18:33 +0100, Björn Jacke wrote:
> > > NT_STATUS_ACCOUNT_DISABLED,
> >
> > Is that really best mapped to ACCT_EXPIRED?
>
> actually yes :-)
I looked though here:
http://pubs.opengroup.org/onlinepubs/8329799/chap5.htm
and couldn't find anything that matched better, so
yeah - I think that's OK.
> Ah, I should have added this line also:
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210
>
> I'll add the BUG line in case it is ready to be pushed.
If you fix the horrible 80+ column wrapping on the
below :-), then "Reviewed by: Jeremy Allison <jra at samba.org>"
+ case PAM_AUTHTOK_ERR:
+ /* Authentication token manipulation error */
+ _pam_log(LOG_WARNING, "user `%s' authentication token change failed (pwd complexity/history/min_age not met?)", user);
+ return retval;
case PAM_SUCCESS:
More information about the samba-technical
mailing list