>> How about new_authtok_reqd=1 (i.e. skip the pam_deny entry)? In Hardy >> pam_unix used to be "required", which translates into [success=ok >> new_authtok_reqd=ok ignore=ignore default=bad], so success and >> new_authtok_reqd had the same action back then, too. > No, that's definitely wrong. "new_authtok_reqd=1" would mean pam_unix > would not contribute at all to the return code of the stack, it would > instead jump to pam_permit and return PAM_SUCCESS.
Reading the docs again, I've apparantly had the wrong idea about the "ok" action (I somehow thought that that too would result in PAM_SUCCESS being returned). I see the problem now. Thanks for pointing this out. -- [regression] passwd -e locks account https://bugs.launchpad.net/bugs/291091 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
