path: root/modules/pam_unix/pam_unix.8.xml
diff options
authorTomas Mraz <>2016-02-17 14:21:41 +0100
committerTomas Mraz <>2016-02-17 14:21:41 +0100
commit8bb171506fc2579669fd86bd29885f256e26ccb0 (patch)
tree66ec753cb4e2c5c8706c04d05c4ac4768604725e /modules/pam_unix/pam_unix.8.xml
parent698edffcffd54e7d81bad0829cee9dd2f0a3a6d7 (diff)
pam_unix: Add no_pass_expiry option to ignore password expiration.
* modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry is on and return value data is not set to PAM_SUCCESS then ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the return value data. (pam_sm_setcred): Test for likeauth option and use the return value data only if set. * modules/pam_unix/support.h: Add the no_pass_expiry option.
Diffstat (limited to 'modules/pam_unix/pam_unix.8.xml')
1 files changed, 19 insertions, 0 deletions
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index a8b64bb5..6d8e4ba0 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -364,6 +364,25 @@
+ <varlistentry>
+ <term>
+ <option>no_pass_expiry</option>
+ </term>
+ <listitem>
+ <para>
+ When set ignore password expiration as defined by the
+ <emphasis>shadow</emphasis> entry of the user. The option has an
+ effect only in case <emphasis>pam_unix</emphasis> was not used
+ for the authentication or it returned authentication failure
+ meaning that other authentication source or method succeeded.
+ The example can be public key authentication in
+ <emphasis>sshd</emphasis>. The module will return
+ <emphasis remap='B'>PAM_SUCCESS</emphasis> instead of eventual
+ <emphasis remap='B'>PAM_NEW_AUTHTOK_REQD</emphasis> or
+ <emphasis remap='B'>PAM_AUTHTOK_EXPIRED</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
Invalid arguments are logged with <citerefentry>