32 lines
1.0 KiB
Diff
32 lines
1.0 KiB
Diff
--- util-linux-2.13-pre6/login-utils/login.c.acct 2006-02-22 21:43:03.000000000 +0100
|
|
+++ util-linux-2.13-pre6/login-utils/login.c 2006-02-22 21:57:55.000000000 +0100
|
|
@@ -602,16 +602,22 @@
|
|
pam_end(pamh, retcode);
|
|
exit(0);
|
|
}
|
|
+ }
|
|
|
|
- retcode = pam_acct_mgmt(pamh, 0);
|
|
-
|
|
- if(retcode == PAM_NEW_AUTHTOK_REQD) {
|
|
- retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
- }
|
|
+ /*
|
|
+ * Authentication may be skipped (for example, during krlogin, rlogin, etc...),
|
|
+ * but it doesn't mean that we can skip other account checks. The account
|
|
+ * could be disabled or password expired (althought kerberos ticket is valid).
|
|
+ * -- kzak@redhat.com (22-Feb-2006)
|
|
+ */
|
|
+ retcode = pam_acct_mgmt(pamh, 0);
|
|
|
|
- PAM_FAIL_CHECK;
|
|
+ if(retcode == PAM_NEW_AUTHTOK_REQD) {
|
|
+ retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
}
|
|
|
|
+ PAM_FAIL_CHECK;
|
|
+
|
|
/*
|
|
* Grab the user information out of the password file for future usage
|
|
* First get the username that we are actually using, though.
|