On Sun, Jan 20, 2002 at 21:07:14 +0100, Dag-Erling Smorgrav wrote:
> I misread your mail.  Pam_sm_authenticate() is not supposed to care
> that the password is expired.  If it did, it users with expired
> passwords would be effectively locked out; they're supposed to get a
> chance to change their password.  The application is supposed to call
> pam_chauthtok() if pam_acct_mgmt() returns PAM_AUTHTOK_EXPIRED; see
> the sample application in DCE RFC 86.0.

Yes, but I mean edge case when password yet not expired at the moment of
pam_acct_mgmt() call (i.e. pam_acct_mgmt() not return
PAM_AUTHTOK_EXPIRED), but expired at the moment of pam_authenticate()  
call. There can be big network delay between this two calls.

Andrey A. Chernov

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to