Here it is, but be aware as I said that it's only a very ugly dirty fix
I made just to get rid of the problem.
Le 2009-05-01 12:26, Jeremy Allison a écrit :
> On Fri, May 01, 2009 at 12:11:17PM -0400, Eric wrote:
>
>> In the meantime someone gets a better idea, I compiled pam_winbind.so
>> from Samaba 3.3.4 sources with the following modifications to pam_winbind.c:
>>
>
> Sorry but your mailer mangled the patch. Can you re-send as
> an attachment please ?
>
> Thanks,
>
> Jeremy.
>
--
Eric Martel
Québec (Québec)
Canada
Ce courriel est signé numériquement avec la clef suivante:
This e-mail is digitally signed with the following key:
ED3F191C (key://pgp.mit.edu, http://key.ericmartel.net/)
Pour plus d'information: http://gpg.ericmartel.net/
For more info: http://www.gnupg.org/
--- samba-3.3.4/source/nsswitch/pam_winbind.c 2009-05-01 12:45:49.000000000 -0400
+++ samba-3.3.4.modified/source/nsswitch/pam_winbind.c 2009-05-01 12:46:18.000000000 -0400
@@ -821,6 +821,9 @@
int warn_pwd_expire,
bool *already_expired)
{
+ // Added by Eric Martel: avoid faulty expiry message
+ return false;
+
int days = 0;
struct tm tm_now, tm_next_change;
@@ -2703,14 +2706,16 @@
case PAM_AUTHTOK_EXPIRED:
/* fall through, since new token is required in this case */
case PAM_NEW_AUTHTOK_REQD:
- _pam_log(ctx, LOG_WARNING,
+ // commented by Eric Martel to prevent faulty logon rejection
+ /*_pam_log(ctx, LOG_WARNING,
"pam_sm_acct_mgmt success but %s is set",
PAM_WINBIND_NEW_AUTHTOK_REQD);
_pam_log(ctx, LOG_NOTICE,
"user '%s' needs new password",
username);
/* PAM_AUTHTOKEN_REQD does not exist, but is documented in the manpage */
- ret = PAM_NEW_AUTHTOK_REQD;
+ //ret = PAM_NEW_AUTHTOK_REQD;
+ ret = PAM_SUCCESS;
goto out;
default:
_pam_log(ctx, LOG_WARNING,
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
