1 files changed, 11 insertions, 0 deletions

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 5ee91b945..e219e8bb5 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -53,6 +53,7 @@
 #define FLAGS_FORWARD_PASS   (1 << 1)
 #define FLAGS_USE_AUTHTOK    (1 << 2)
 #define FLAGS_IGNORE_UNKNOWN_USER (1 << 3)
+#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4)
 
 #define PWEXP_FLAG "pam_sss:password_expired_flag"
 #define FD_DESTRUCTOR "pam_sss:fd_destructor"
@@ -1316,6 +1317,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
             *quiet_mode = true;
         } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
             *flags |= FLAGS_IGNORE_UNKNOWN_USER;
+        } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) {
+            *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL;
         } else {
             logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
         }
@@ -1456,6 +1459,10 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
         if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) {
             ret = PAM_IGNORE;
         }
+        if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
+                && ret == PAM_AUTHINFO_UNAVAIL) {
+            ret = PAM_IGNORE;
+        }
         return ret;
     }
 
@@ -1498,6 +1505,10 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
                 && pam_status == PAM_USER_UNKNOWN) {
             pam_status = PAM_IGNORE;
         }
+        if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
+                && pam_status == PAM_AUTHINFO_UNAVAIL) {
+            pam_status = PAM_IGNORE;
+        }
 
         switch (task) {
             case SSS_PAM_AUTHENTICATE: