summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_access.c
diff options
context:
space:
mode:
authorPavel Reichl <preichl@redhat.com>2015-02-18 01:03:40 -0500
committerJakub Hrozek <jhrozek@redhat.com>2015-03-03 18:51:30 +0100
commitd3f82e944dc5dab3812700a245deec4aa3245b21 (patch)
tree990e5b3d9bc431c6e182fec2b76d64d6484289e4 /src/providers/ldap/ldap_access.c
parent8b353dd2b90b7ab222acdea726ab7e8681752237 (diff)
downloadsssd-d3f82e944dc5dab3812700a245deec4aa3245b21.tar.gz
sssd-d3f82e944dc5dab3812700a245deec4aa3245b21.tar.xz
sssd-d3f82e944dc5dab3812700a245deec4aa3245b21.zip
SDAP: enable change phase of pw expire policy check
Implement new option which does checking password expiration policy in accounting phase. This allows SSSD to issue shadow expiration warning even if alternate authentication method is used. Resolves: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit c9b0071bfcb8eb8c71e40248de46d23aceecc0f3)
Diffstat (limited to 'src/providers/ldap/ldap_access.c')
-rw-r--r--src/providers/ldap/ldap_access.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c
index 1913cd9a9..7ebdb20c0 100644
--- a/src/providers/ldap/ldap_access.c
+++ b/src/providers/ldap/ldap_access.c
@@ -96,6 +96,18 @@ static void sdap_access_done(struct tevent_req *req)
case ERR_ACCOUNT_EXPIRED:
pam_status = PAM_ACCT_EXPIRED;
break;
+ case ERR_PASSWORD_EXPIRED:
+ pam_status = PAM_PERM_DENIED;
+ break;
+ case ERR_PASSWORD_EXPIRED_REJECT:
+ pam_status = PAM_PERM_DENIED;
+ break;
+ case ERR_PASSWORD_EXPIRED_WARN:
+ pam_status = PAM_SUCCESS;
+ break;
+ case ERR_PASSWORD_EXPIRED_RENEW:
+ pam_status = PAM_NEW_AUTHTOK_REQD;
+ break;
default:
DEBUG(SSSDBG_CRIT_FAILURE, "Error retrieving access check result.\n");
pam_status = PAM_SYSTEM_ERR;
generated by cgit (git 2.34.1) at 2024-06-29 15:03:34 +0000