blob: 0f766e915228717cc633f51484ca8e0a142ebef4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
Index: debian-pkg-pam/modules/pam_unix/pam_unix_acct.c
===================================================================
--- debian-pkg-pam.orig/modules/pam_unix/pam_unix_acct.c 2009-04-17 11:30:15.000000000 -0700
+++ debian-pkg-pam/modules/pam_unix/pam_unix_acct.c 2009-04-17 11:31:25.000000000 -0700
@@ -250,6 +250,9 @@
_make_remark(pamh, ctrl, PAM_ERROR_MSG,
_("Your account has expired; please contact your system administrator"));
break;
+ case PAM_AUTHTOK_ERR:
+ retval = PAM_SUCCESS;
+ /* fallthrough */
case PAM_SUCCESS:
if (daysleft >= 0) {
pam_syslog(pamh, LOG_DEBUG,
Index: debian-pkg-pam/modules/pam_unix/passverify.c
===================================================================
--- debian-pkg-pam.orig/modules/pam_unix/passverify.c 2009-04-17 11:30:07.000000000 -0700
+++ debian-pkg-pam/modules/pam_unix/passverify.c 2009-04-17 11:30:59.000000000 -0700
@@ -301,8 +301,16 @@
*daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays);
D(("warn before expiry"));
}
+ if ((curdays - spent->sp_lstchg < spent->sp_min)
+ && (spent->sp_min != -1)) {
+ /*
+ * The last password change was too recent. This error will be ignored
+ * if no password change is attempted.
+ */
+ D(("password change too recent"));
+ return PAM_AUTHTOK_ERR;
+ }
return PAM_SUCCESS;
-
}
/* passwd/salt conversion macros */
|
