And even more, I think it may/should include:
> > if (amroot) {
> > fprintf (stderr, _("%s: %s\n(Ignored)\n"), Prog,
> > pam_strerror (pamh, ret));
> > + } else if (ret == PAM_NEW_AUTHTOK_REQD) {
+ SYSLOG ((LOG_NOTICE, "pam_chauthtok: %s",
+ pam_strerror (pamh, ret)));
> > + ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
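Review bot: the added SYSLOG call in the PAM_NEW_AUTHTOK_REQD branch runs before pam_chauthtok is called, so the string it logs under the "pam_chauthtok:" prefix is the PAM_NEW_AUTHTOK_REQD result of the preceding check, not an outcome of pam_chauthtok. Either change the prefix to name the call that produced ret, or add a second log after `ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);` so the record also shows whether the forced change succeeded.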
I.e. make a notice to syslog independently of the user
changing her "authtok" successfully or not.
and instead of:
> > + if (ret != PAM_SUCCESS) {
> > + SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
> > + pam_strerror (pamh, ret)));
> > + fprintf (stderr, _("%s: %s\n"), Prog,
> > + pam_strerror (pamh, ret));
> > + pam_end (pamh, ret);
> > + su_failure (tty);
> > + }
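Review bot: in the `if (ret != PAM_SUCCESS)` block, the SYSLOG line carries only the pam_strerror text, so a failed expired-password change cannot be tied to a session from the log alone; tty is already available here (it is passed to su_failure) and could be added to the message. Also, pamh is released by pam_end before `su_failure (tty);` runs, so the block depends on su_failure not returning; a comment stating that, or an explicit exit after the call, would keep later code from touching the ended handle.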
maybe just PAM_FAIL_CHECK;???