mirror of
https://abf.rosa.ru/djam/pam.git
synced 2025-02-23 16:32:51 +00:00
31 lines
1 KiB
Diff
31 lines
1 KiB
Diff
From 9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb Mon Sep 17 00:00:00 2001
|
|
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
Date: Wed, 13 Dec 2023 00:37:29 +0100
|
|
Subject: [PATCH] pam_unix: allow disabled password aging
|
|
|
|
According to shadow(5) manual page, an empty sp_lstchg field implies
|
|
that password aging is disabled.
|
|
|
|
This indeed is in sync with shadow's isexpired function.
|
|
|
|
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
---
|
|
modules/pam_unix/passverify.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
|
|
index a842b70d3..7993737c9 100644
|
|
--- a/modules/pam_unix/passverify.c
|
|
+++ b/modules/pam_unix/passverify.c
|
|
@@ -311,6 +311,11 @@ PAMH_ARG_DECL(int check_shadow_expiry,
|
|
*daysleft = 0;
|
|
return PAM_NEW_AUTHTOK_REQD;
|
|
}
|
|
+ if (spent->sp_lstchg < 0) {
|
|
+ D(("password aging disabled"));
|
|
+ *daysleft = 0;
|
|
+ return PAM_SUCCESS;
|
|
+ }
|
|
if (curdays < spent->sp_lstchg) {
|
|
pam_syslog(pamh, LOG_DEBUG,
|
|
"account %s has password changed in future",
|