diff options
Diffstat (limited to 'src/sss_client/pam_sss.c')
-rw-r--r-- | src/sss_client/pam_sss.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index d4baa19b6..908ab128e 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -49,6 +49,7 @@ #define FLAGS_FORWARD_PASS (1 << 1) #define FLAGS_USE_AUTHTOK (1 << 2) #define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) +#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4) #define PWEXP_FLAG "pam_sss:password_expired_flag" #define FD_DESTRUCTOR "pam_sss:fd_destructor" @@ -1309,6 +1310,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, *quiet_mode = true; } else if (strcmp(*argv, "ignore_unknown_user") == 0) { *flags |= FLAGS_IGNORE_UNKNOWN_USER; + } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) { + *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL; } else { logger(pamh, LOG_WARNING, "unknown option: %s", *argv); } @@ -1453,6 +1456,10 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { ret = PAM_IGNORE; } + if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL + && ret == PAM_AUTHINFO_UNAVAIL) { + ret = PAM_IGNORE; + } return ret; } @@ -1495,6 +1502,10 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, && pam_status == PAM_USER_UNKNOWN) { pam_status = PAM_IGNORE; } + if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL + && pam_status == PAM_AUTHINFO_UNAVAIL) { + pam_status = PAM_IGNORE; + } switch (task) { case SSS_PAM_AUTHENTICATE: |