Allow LDAP to decide when an expiration warning is warranted

Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
author: Stephen Gallagher <sgallagh@redhat.com> 2011-08-01 10:48:06 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-08-01 12:18:18 -0400
commit: b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6 (patch)
tree: 1c34695796df9744f9aeac9172bef15dbbe9ecf5
parent: 83a7d6767035a09099c58838a42fd10516c92063 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 3c9d7600..7fcf9854 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -409,9 +409,10 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
                     }
                     memcpy(&expire_warn, resp->data + sizeof(uint32_t),
                            sizeof(uint32_t));
-                    if(expire_warn > pam_expiration_warning * (60 * 60 * 24)) {
-                        resp->do_not_send_to_client = true;
-                    }
+                    /* TODO: Add an option to limit the display of the
+                     * expiration warning to a specified number of
+                     * days (e.g. 14)
+                     */
                     break;
                 default:
                     DEBUG(7, ("User info type [%d] not filtered.\n"));
author	Stephen Gallagher <sgallagh@redhat.com>	2011-08-01 10:48:06 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-08-01 12:18:18 -0400
commit	b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6 (patch)
tree	1c34695796df9744f9aeac9172bef15dbbe9ecf5
parent	83a7d6767035a09099c58838a42fd10516c92063 (diff)