Hello Tomasz,
Can you have a look at this patch?
It performs an pam_chauthok when pam_acct_mgmt returns an
PAM_CHANGE_EXPIRED_AUTHOK.
BTW, in adduser.c: s/spoll/spool/
Kind Regrads
--
Nekral
Index: src/su.c
===================================================================
RCS file: /cvsroot/shadow/src/su.c,v
retrieving revision 1.41
diff -u -r1.41 su.c
--- src/su.c 4 Aug 2005 19:13:43 -0000 1.41
+++ src/su.c 5 Aug 2005 22:55:18 -0000
@@ -519,6 +519,16 @@
if (amroot) {
fprintf (stderr, _("%s: %s\n(Ignored)\n"), Prog,
pam_strerror (pamh, ret));
+ } if (ret == PAM_NEW_AUTHTOK_REQD) {
+ ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (ret != PAM_SUCCESS) {
+ SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
+ pam_strerror (pamh, ret)));
+ fprintf (stderr, _("%s: %s\n"), Prog,
+ pam_strerror (pamh, ret));
+ pam_end (pamh, ret);
+ su_failure (tty);
+ }
} else {
SYSLOG ((LOG_ERR, "pam_acct_mgmt: %s",
pam_strerror (pamh, ret)));
