--- Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c.try-first-pass 2006-01-08 10:49:05.000000000 +0100 +++ Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c 2006-02-24 10:42:53.000000000 +0100 @@ -93,6 +93,7 @@ int low_credit; int oth_credit; int use_authtok; + int try_first_pass; char prompt_type[BUFSIZ]; char cracklib_dictpath[PATH_MAX]; }; @@ -158,6 +159,10 @@ opt->oth_credit = 0; } else if (!strncmp(*argv,"use_authtok",11)) { opt->use_authtok = 1; + } else if (!strncmp(*argv,"use_first_pass",14)) { + opt->use_authtok = 1; + } else if (!strncmp(*argv,"try_first_pass",14)) { + opt->try_first_pass = 1; } else if (!strncmp(*argv,"dictpath=",9)) { strncpy(opt->cracklib_dictpath, *argv+9, sizeof(opt->cracklib_dictpath) - 1); @@ -559,7 +564,7 @@ * set PAM_AUTHTOK and return */ - if (options.use_authtok == 1) { + if (options.use_authtok == 1 || options.try_first_pass == 1) { const void *item = NULL; retval = pam_get_item(pamh, PAM_AUTHTOK, &item); @@ -570,11 +575,13 @@ } else if (item != NULL) { /* we have a password! */ token1 = x_strdup(item); item = NULL; + options.use_authtok = 1; /* don't ask for the password again */ } else { retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } - - } else { + } + + if (options.use_authtok != 1) { /* Prepare to ask the user for the first time */ resp = NULL; retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,