summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-08-01 10:48:06 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-08-01 12:18:35 -0400
commitb3d6f8383b94ffe49e02bb156e1ab442b46b042c (patch)
tree7d49bb9551ed1c6a7c93371e92cafd01d174719f
parent723df23572d1b208d784e317f50f0484401538c4 (diff)
downloadsssd-b3d6f8383b94ffe49e02bb156e1ab442b46b042c.tar.gz
sssd-b3d6f8383b94ffe49e02bb156e1ab442b46b042c.tar.xz
sssd-b3d6f8383b94ffe49e02bb156e1ab442b46b042c.zip
Allow LDAP to decide when an expiration warning is warranted
Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
-rw-r--r--src/responder/pam/pamsrv_cmd.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 3c9d7600a..7fcf98543 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -409,9 +409,10 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
}
memcpy(&expire_warn, resp->data + sizeof(uint32_t),
sizeof(uint32_t));
- if(expire_warn > pam_expiration_warning * (60 * 60 * 24)) {
- resp->do_not_send_to_client = true;
- }
+ /* TODO: Add an option to limit the display of the
+ * expiration warning to a specified number of
+ * days (e.g. 14)
+ */
break;
default:
DEBUG(7, ("User info type [%d] not filtered.\n"));