From b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 1 Aug 2011 10:48:06 -0400 Subject: Allow LDAP to decide when an expiration warning is warranted Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it. --- src/responder/pam/pamsrv_cmd.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 3c9d7600a..7fcf98543 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -409,9 +409,10 @@ static errno_t filter_responses(struct confdb_ctx *cdb, } memcpy(&expire_warn, resp->data + sizeof(uint32_t), sizeof(uint32_t)); - if(expire_warn > pam_expiration_warning * (60 * 60 * 24)) { - resp->do_not_send_to_client = true; - } + /* TODO: Add an option to limit the display of the + * expiration warning to a specified number of + * days (e.g. 14) + */ break; default: DEBUG(7, ("User info type [%d] not filtered.\n")); -- cgit