diff options
| author | Tomas Mraz <tmraz@fedoraproject.org> | 2016-02-17 14:21:41 +0100 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2016-02-17 14:21:41 +0100 |
| commit | 8bb171506fc2579669fd86bd29885f256e26ccb0 (patch) | |
| tree | 66ec753cb4e2c5c8706c04d05c4ac4768604725e /modules/pam_unix/support.h | |
| parent | 698edffcffd54e7d81bad0829cee9dd2f0a3a6d7 (diff) | |
| download | pam-8bb171506fc2579669fd86bd29885f256e26ccb0.tar.gz pam-8bb171506fc2579669fd86bd29885f256e26ccb0.tar.bz2 pam-8bb171506fc2579669fd86bd29885f256e26ccb0.zip | |
pam_unix: Add no_pass_expiry option to ignore password expiration.
* modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry
is on and return value data is not set to PAM_SUCCESS then ignore
PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the
return value data.
(pam_sm_setcred): Test for likeauth option and use the return value data
only if set.
* modules/pam_unix/support.h: Add the no_pass_expiry option.
Diffstat (limited to 'modules/pam_unix/support.h')
| -rw-r--r-- | modules/pam_unix/support.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 3729ce0c..b767c265 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -98,9 +98,10 @@ typedef struct { #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ #define UNIX_QUIET 28 /* Don't print informational messages */ -#define UNIX_DES 29 /* DES, default */ +#define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ +#define UNIX_DES 30 /* DES, default */ /* -------------- */ -#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) @@ -138,6 +139,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, /* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, /* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, }; |