Relevant BUGIDs: Redhat bz 69279

Purpose of commit: bugfix

Commit summary:
---------------
pam_unix: Forced password change shouldn't trump account expiration

diff --git a/CHANGELOG b/CHANGELOG
index 2b00ebf607497f84c062242bbd92d5fb3a5d2eb7..95da5516bc063092ec5612a3706ef749894a4476 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -63,6 +63,13 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
 0.78: please submit patches for this section with actual code/doc
       patches!
 
+* pam_unix: change the order of trying password changes - local first,
+  NIS second (t8m)
+* pam_wheel: add option only_root to make it affect authentication 
+  to root account only
+* pam_unix: test return values on renaming files and report error to
+  syslog and to user
+* pam_unix: forced password change shouldn't trump account expiration
 * pam_unix: remove the use of openlog (from debian - toady)
 * pam_unix: NIS cleanup (patch from Philippe Troin)
 * pam_access: you can now authenticate an explicit user on an explicit

diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 2cd2679249f3cfb54563a6c1599c215313e4a799..01925eafa9a1ab4afa382a6ed9d1d2d89bf3fa23 100644 (file)
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -137,8 +137,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 
        curdays = time(NULL) / (60 * 60 * 24);
        D(("today is %d, last change %d", curdays, spent->sp_lstchg));
-       if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)
-           && (spent->sp_lstchg != 0)) {
+       if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) {
                _log_err(LOG_NOTICE, pamh
                         ,"account %s has expired (account expired)"
                         ,uname);