Relevant BUGIDs: Redhat bz 69279

Purpose of commit: bugfix

Commit summary:
---------------
pam_unix: Forced password change shouldn't trump account expiration

2 files changed, 8 insertions, 2 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 2b00ebf6..95da5516 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -63,6 +63,13 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
 0.78: please submit patches for this section with actual code/doc
       patches!
 
+* pam_unix: change the order of trying password changes - local first,
+  NIS second (t8m)
+* pam_wheel: add option only_root to make it affect authentication 
+  to root account only
+* pam_unix: test return values on renaming files and report error to
+  syslog and to user
+* pam_unix: forced password change shouldn't trump account expiration
 * pam_unix: remove the use of openlog (from debian - toady)
 * pam_unix: NIS cleanup (patch from Philippe Troin)
 * pam_access: you can now authenticate an explicit user on an explicit
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 2cd26792..01925eaf 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -137,8 +137,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 
 	curdays = time(NULL) / (60 * 60 * 24);
 	D(("today is %d, last change %d", curdays, spent->sp_lstchg));
-	if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)
-	    && (spent->sp_lstchg != 0)) {
+	if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) {
 		_log_err(LOG_NOTICE, pamh
 			 ,"account %s has expired (account expired)"
 			 ,uname);