Approved by Robert Ancell, PS Jenkins bot.
if (authentication_result == PAM_SUCCESS)
authentication_result = pam_acct_mgmt (pam_handle, 0);
if (authentication_result == PAM_NEW_AUTHTOK_REQD)
- authentication_result = pam_chauthtok (pam_handle, 0);
+ authentication_result = pam_chauthtok (pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
}
else
authentication_result = PAM_SUCCESS;
# Log into account that requires as password change
#?*GREETER-X-0 AUTHENTICATE USERNAME=new-authtok
-#?GREETER-X-0 SHOW-PROMPT TEXT="Enter new password:"
+#?GREETER-X-0 SHOW-PROMPT TEXT="Enter new password \(expired\):"
#?*GREETER-X-0 RESPOND TEXT="New password"
#?GREETER-X-0 AUTHENTICATION-COMPLETE USERNAME=new-authtok AUTHENTICATED=TRUE
#?*GREETER-X-0 START-SESSION
msg = malloc (sizeof (struct pam_message *) * 1);
msg[0] = malloc (sizeof (struct pam_message));
msg[0]->msg_style = PAM_PROMPT_ECHO_OFF;
- msg[0]->msg = "Enter new password:";
+ if ((flags & PAM_CHANGE_EXPIRED_AUTHTOK) != 0)
+ msg[0]->msg = "Enter new password (expired):";
+ else
+ msg[0]->msg = "Enter new password:";
result = pamh->conversation.conv (1, (const struct pam_message **) msg, &resp, pamh->conversation.appdata_ptr);
free (msg[0]);
free (msg);