diff options
-rw-r--r-- | auth-pam.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/auth-pam.c b/auth-pam.c index bc8e5e02d..9574d9ac7 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -106,7 +106,6 @@ extern char *__progname; | |||
106 | 106 | ||
107 | extern ServerOptions options; | 107 | extern ServerOptions options; |
108 | extern Buffer loginmsg; | 108 | extern Buffer loginmsg; |
109 | extern int compat20; | ||
110 | extern u_int utmp_len; | 109 | extern u_int utmp_len; |
111 | 110 | ||
112 | /* so we don't silently change behaviour */ | 111 | /* so we don't silently change behaviour */ |
@@ -468,18 +467,16 @@ sshpam_thread(void *ctxtp) | |||
468 | if (sshpam_err != PAM_SUCCESS) | 467 | if (sshpam_err != PAM_SUCCESS) |
469 | goto auth_fail; | 468 | goto auth_fail; |
470 | 469 | ||
471 | if (compat20) { | 470 | if (!do_pam_account()) { |
472 | if (!do_pam_account()) { | 471 | sshpam_err = PAM_ACCT_EXPIRED; |
473 | sshpam_err = PAM_ACCT_EXPIRED; | 472 | goto auth_fail; |
473 | } | ||
474 | if (sshpam_authctxt->force_pwchange) { | ||
475 | sshpam_err = pam_chauthtok(sshpam_handle, | ||
476 | PAM_CHANGE_EXPIRED_AUTHTOK); | ||
477 | if (sshpam_err != PAM_SUCCESS) | ||
474 | goto auth_fail; | 478 | goto auth_fail; |
475 | } | 479 | sshpam_password_change_required(0); |
476 | if (sshpam_authctxt->force_pwchange) { | ||
477 | sshpam_err = pam_chauthtok(sshpam_handle, | ||
478 | PAM_CHANGE_EXPIRED_AUTHTOK); | ||
479 | if (sshpam_err != PAM_SUCCESS) | ||
480 | goto auth_fail; | ||
481 | sshpam_password_change_required(0); | ||
482 | } | ||
483 | } | 480 | } |
484 | 481 | ||
485 | buffer_put_cstring(&buffer, "OK"); | 482 | buffer_put_cstring(&buffer, "OK"); |