summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_pwhistory/pam_pwhistory.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c
index 4c582bc2..e9b28eb1 100644
--- a/modules/pam_pwhistory/pam_pwhistory.c
+++ b/modules/pam_pwhistory/pam_pwhistory.c
@@ -155,10 +155,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
if (pwd == NULL)
return PAM_USER_UNKNOWN;
- /* Ignore root if not enforced */
- if (pwd->pw_uid == 0 && !options.enforce_for_root)
- return PAM_SUCCESS;
-
if ((strcmp(pwd->pw_passwd, "x") == 0) ||
((pwd->pw_passwd[0] == '#') &&
(pwd->pw_passwd[1] == '#') &&
@@ -211,11 +207,18 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
if (check_old_pass (pamh, user, newpass,
options.debug) != PAM_SUCCESS)
{
- pam_error (pamh,
- _("Password has been already used. Choose another."));
- newpass = NULL;
- /* Remove password item, else following module will use it */
- pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL);
+ if (getuid() || options.enforce_for_root ||
+ (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
+ {
+ pam_error (pamh,
+ _("Password has been already used. Choose another."));
+ newpass = NULL;
+ /* Remove password item, else following module will use it */
+ pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL);
+ }
+ else
+ pam_info (pamh,
+ _("Password has been already used."));
}
}