On Sun, Jan 20, 2002 at 21:07:14 +0100, Dag-Erling Smorgrav wrote: > I misread your mail. Pam_sm_authenticate() is not supposed to care > that the password is expired. If it did, it users with expired > passwords would be effectively locked out; they're supposed to get a > chance to change their password. The application is supposed to call > pam_chauthtok() if pam_acct_mgmt() returns PAM_AUTHTOK_EXPIRED; see > the sample application in DCE RFC 86.0.
Yes, but I mean edge case when password yet not expired at the moment of pam_acct_mgmt() call (i.e. pam_acct_mgmt() not return PAM_AUTHTOK_EXPIRED), but expired at the moment of pam_authenticate() call. There can be big network delay between this two calls. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
