]> granicus.if.org Git - sudo/commitdiff
If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful
authorTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 11 Oct 2010 13:12:23 +0000 (09:12 -0400)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 11 Oct 2010 13:12:23 +0000 (09:12 -0400)
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.

plugins/sudoers/auth/pam.c

index 53cf6349c9647c8cf0f4437686b08ac2789b0074..d828e03f5172b9f1e3c111992623359c91317ee7 100644 (file)
@@ -140,9 +140,9 @@ pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
                case PAM_SUCCESS:
                    return(AUTH_SUCCESS);
                case PAM_AUTH_ERR:
-                   log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %d",
-                       *pam_status);
-                   return(AUTH_FAILURE);
+                   log_error(NO_EXIT|NO_MAIL,
+                       "account validation failure, is your account locked?");
+                   return(AUTH_FATAL);
                case PAM_NEW_AUTHTOK_REQD:
                    log_error(NO_EXIT|NO_MAIL, "%s, %s",
                        "Account or password is expired",