summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/README2
-rw-r--r--modules/pam_unix/pam_unix_acct.c4
-rw-r--r--modules/pam_unix/support.h5
3 files changed, 10 insertions, 1 deletions
diff --git a/modules/pam_unix/README b/modules/pam_unix/README
index d6b1f395..afeee3da 100644
--- a/modules/pam_unix/README
+++ b/modules/pam_unix/README
@@ -31,5 +31,7 @@ The following options are recognized:
nis - use NIS RPC for setting new password
remember=X - remember X old passwords, they are kept in
/etc/security/opasswd in MD5 crypted form
+ broken_shadow - ignore errors reading shadow information for
+ users in the account management module
invalid arguments are logged to syslog.
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 178b6037..58ba93c1 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -129,6 +129,10 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
}
if (!spent)
+ if (on(UNIX_BROKEN_SHADOW,ctrl))
+ return PAM_SUCCESS;
+
+ if (!spent)
return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
curdays = time(NULL) / (60 * 60 * 24);
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 3127e6b0..d9212c28 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -81,8 +81,10 @@ typedef struct {
#define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */
#define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */
#define UNIX_NOREAP 21 /* don't reap child process */
+#define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging
+ * information during acct management */
/* -------------- */
-#define UNIX_CTRLS_ 22 /* number of ctrl arguments defined */
+#define UNIX_CTRLS_ 23 /* number of ctrl arguments defined */
static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
@@ -112,6 +114,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000},
/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000},
/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000},
+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 10:46:08 +0000