summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth-pam.c21
1 files changed, 9 insertions, 12 deletions
diff --git a/auth-pam.c b/auth-pam.c
index bc8e5e02d..9574d9ac7 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -106,7 +106,6 @@ extern char *__progname;
106 106
107extern ServerOptions options; 107extern ServerOptions options;
108extern Buffer loginmsg; 108extern Buffer loginmsg;
109extern int compat20;
110extern u_int utmp_len; 109extern u_int utmp_len;
111 110
112/* so we don't silently change behaviour */ 111/* so we don't silently change behaviour */
@@ -468,18 +467,16 @@ sshpam_thread(void *ctxtp)
468 if (sshpam_err != PAM_SUCCESS) 467 if (sshpam_err != PAM_SUCCESS)
469 goto auth_fail; 468 goto auth_fail;
470 469
471 if (compat20) { 470 if (!do_pam_account()) {
472 if (!do_pam_account()) { 471 sshpam_err = PAM_ACCT_EXPIRED;
473 sshpam_err = PAM_ACCT_EXPIRED; 472 goto auth_fail;
473 }
474 if (sshpam_authctxt->force_pwchange) {
475 sshpam_err = pam_chauthtok(sshpam_handle,
476 PAM_CHANGE_EXPIRED_AUTHTOK);
477 if (sshpam_err != PAM_SUCCESS)
474 goto auth_fail; 478 goto auth_fail;
475 } 479 sshpam_password_change_required(0);
476 if (sshpam_authctxt->force_pwchange) {
477 sshpam_err = pam_chauthtok(sshpam_handle,
478 PAM_CHANGE_EXPIRED_AUTHTOK);
479 if (sshpam_err != PAM_SUCCESS)
480 goto auth_fail;
481 sshpam_password_change_required(0);
482 }
483 } 480 }
484 481
485 buffer_put_cstring(&buffer, "OK"); 482 buffer_put_cstring(&buffer, "OK");