summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_unix/support.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 5138a875..cf01e3c2 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -698,6 +698,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
} else {
D(("user's record unavailable"));
+ p = NULL;
+ retval = PAM_AUTHINFO_UNAVAIL;
if (on(UNIX_AUDIT, ctrl)) {
/* this might be a typo and the user has given a password
instead of a username. Careful with this. */
@@ -705,11 +707,14 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
"check pass; user (%s) unknown", name);
} else {
name = NULL;
- _log_err(LOG_ALERT, pamh,
- "check pass; user unknown");
+ if (on(UNIX_DEBUG, ctrl) || pwd == NULL) {
+ _log_err(LOG_ALERT, pamh,
+ "check pass; user unknown");
+ } else {
+ /* don't log failure as another pam module can succeed */
+ goto cleanup;
+ }
}
- p = NULL;
- retval = PAM_AUTHINFO_UNAVAIL;
}
} else {
int salt_len = strlen(salt);
@@ -831,6 +836,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
}
+cleanup:
if (data_name)
_pam_delete(data_name);
if (salt)