diff options
author | Jan Pazdziora <jpazdziora@redhat.com> | 2015-11-09 21:14:54 +0100 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2015-11-09 22:42:37 +0100 |
commit | 6de21466287c3e77850ab1d66f076405971ba4f3 (patch) | |
tree | 8026712e871df6735a9ab21b550be88da87dc440 | |
parent | 6c09ec08d51c8a2ba4d54b698e735438ba954c3b (diff) | |
download | mod_authnz_pam-6de21466287c3e77850ab1d66f076405971ba4f3.tar.gz mod_authnz_pam-6de21466287c3e77850ab1d66f076405971ba4f3.tar.xz mod_authnz_pam-6de21466287c3e77850ab1d66f076405971ba4f3.zip |
Only put the password to the first response (factor).
When modules start to support pre-auth, we would put the password+code
(in case of OTP setup) to both first and second factor, leading to
PAM_CRED_ERR / Failure setting user credentials.
-rw-r--r-- | mod_authnz_pam.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/mod_authnz_pam.c b/mod_authnz_pam.c index 968b567..87d3150 100644 --- a/mod_authnz_pam.c +++ b/mod_authnz_pam.c @@ -61,7 +61,11 @@ static int pam_authenticate_conv(int num_msg, const struct pam_message ** msg, s response[i].resp = 0; response[i].resp_retcode = 0; if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { - response[i].resp = strdup(appdata_ptr); + if (i == 0) { + response[i].resp = strdup(appdata_ptr); + } else { + response[i].resp = NULL; + } } else { free(response); return PAM_CONV_ERR; |