pam_exec: allow expose_authtok for password PAM_TYPE

Before this change, pam_exec allowed expose_authtok option to be
specified for "auth" PAM_TYPE only.

* modules/pam_exec/pam_exec.c (call_exec): Allow expose_authtok
to be specified for "password" PAM_TYPE.
* modules/pam_exec/pam_exec.8.xml: Document it.

2 files changed, 3 insertions, 3 deletions

diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
index 13abe6e6..677d598a 100644
--- a/modules/pam_exec/pam_exec.8.xml
+++ b/modules/pam_exec/pam_exec.8.xml
@@ -103,7 +103,7 @@
           </term>
           <listitem>
             <para>
-              During authentication the calling command can read
+              During authentication and password change the calling command can read
               the password from <citerefentry>
               <refentrytitle>stdin</refentrytitle><manvolnum>3</manvolnum>
               </citerefentry>. Only first <emphasis>PAM_MAX_RESP_SIZE</emphasis>
@@ -313,4 +313,4 @@
       </para>
   </refsect1>
 
-</refentry>
\ No newline at end of file
+</refentry>
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index e79cb905..24c99a32 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -156,7 +156,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 
   if (expose_authtok == 1)
     {
-      if (strcmp (pam_type, "auth") != 0)
+      if (strcmp (pam_type, "auth") != 0 && strcmp (pam_type, "password") != 0)
 	{
 	  pam_syslog (pamh, LOG_ERR,
 		      "expose_authtok not supported for type %s", pam_type);