diff options
Diffstat (limited to 'src/sss_client/pam_sss.c')
-rw-r--r-- | src/sss_client/pam_sss.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 5ee91b945..e219e8bb5 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -53,6 +53,7 @@ #define FLAGS_FORWARD_PASS (1 << 1) #define FLAGS_USE_AUTHTOK (1 << 2) #define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) +#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4) #define PWEXP_FLAG "pam_sss:password_expired_flag" #define FD_DESTRUCTOR "pam_sss:fd_destructor" @@ -1316,6 +1317,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, *quiet_mode = true; } else if (strcmp(*argv, "ignore_unknown_user") == 0) { *flags |= FLAGS_IGNORE_UNKNOWN_USER; + } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) { + *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL; } else { logger(pamh, LOG_WARNING, "unknown option: %s", *argv); } @@ -1456,6 +1459,10 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { ret = PAM_IGNORE; } + if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL + && ret == PAM_AUTHINFO_UNAVAIL) { + ret = PAM_IGNORE; + } return ret; } @@ -1498,6 +1505,10 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, && pam_status == PAM_USER_UNKNOWN) { pam_status = PAM_IGNORE; } + if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL + && pam_status == PAM_AUTHINFO_UNAVAIL) { + pam_status = PAM_IGNORE; + } switch (task) { case SSS_PAM_AUTHENTICATE: |