ldap_authenticate.c revision 2
2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License, Version 1.0 only 2N/A * (the "License"). You may not use this file except in compliance 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 2N/A * Use is subject to license terms. 2N/A#
pragma ident "%Z%%M% %I% %E% SMI" 2N/A * LDAP module for pam_sm_authenticate. 2N/A * pam_sm_authenticate(): 2N/A * Authenticate user. 2N/A /* Get the service and user */ 2N/A * Check options passed to this module. 2N/A * Silently ignore try_first_pass and use_first_pass options 2N/A * for the time being. 2N/A "ldap pam_sm_authenticate(%s), " 2N/A "ldap pam_sm_authenticate(%s %s), flags = %x %s",
2N/A /* Get the password entered in the first scheme if any */ 2N/A "ldap pam_sm_authenticate(%s %s), " 2N/A * Authenticate user using the password from PAM_AUTHTOK. 2N/A * If no password available or if authentication fails 2N/A * return the appropriate error. 2N/A * PAM_NEW_AUTHTOK_REQD means the 2N/A * user's password is good but needs 2N/A * to change immediately. If the service 2N/A * is login or similar programs, the 2N/A * user will be asked to change the 2N/A * password after the account management 2N/A * module is called and determined that 2N/A * the password has expired. 2N/A * So change the rc to PAM_SUCCESS here. 2N/A * Authentication token is the right one but 2N/A * expired. Consider this as pass. 2N/A * Change rc to PAM_SUCCESS.