- in login, allow PAM to interact with the user when they've been strongly
authenticated
- in login, signal PAM when we're changing an expired password that it's an
expired password, so that when cracklib flags a password as being weak
it's treated as an error even if we're running as root
This commit is contained in:
Nalin Dahyabhai
parent
ea9df965b8
commit
a7d42c7b03
@ -240,7 +240,7 @@ When enabled, ftpd, krshd, and login.krb5 gain dependence on libpam.
|
||||
|
||||
+#ifdef USE_PAM
|
||||
+ if (login_use_pam) {
|
||||
+ if (appl_pam_acct_mgmt(LOGIN_PAM_SERVICE, 0, username, "",
|
||||
+ if (appl_pam_acct_mgmt(LOGIN_PAM_SERVICE, 1, username, "",
|
||||
+ ttyname(STDIN_FILENO)) != 0) {
|
||||
+ printf("Login incorrect\n");
|
||||
+ sleepexit(1);
|
||||
@ -652,9 +652,9 @@ When enabled, ftpd, krshd, and login.krb5 gain dependence on libpam.
|
||||
+ int ret = 0;
|
||||
+ if (appl_pam_started) {
|
||||
+#ifdef DEBUG
|
||||
+ printf("Changing PAM authentication token.\n");
|
||||
+ printf("Changing PAM expired authentication token.\n");
|
||||
+#endif
|
||||
+ ret = pam_chauthtok(appl_pamh, 0);
|
||||
+ ret = pam_chauthtok(appl_pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
|
||||
@ -226,6 +226,13 @@ to obtain initial credentials from a KDC using a private key and a
|
||||
certificate.
|
||||
|
||||
%changelog
|
||||
* Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- in login, allow PAM to interact with the user when they've been strongly
|
||||
authenticated
|
||||
- in login, signal PAM when we're changing an expired password that it's an
|
||||
expired password, so that when cracklib flags a password as being weak it's
|
||||
treated as an error even if we're running as root
|
||||
|
||||
* Mon Feb 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-7
|
||||
- drop netdb patch
|
||||
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
|
||||
|
||||
Loading…
Reference in New Issue
Block a user