From: Todd C. Miller Date: Mon, 11 Oct 2010 12:55:31 +0000 (-0400) Subject: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful X-Git-Tag: SUDO_1_7_5~131 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b6580ba1db2a2a7b2ab3c7bf5c37815cf8bd1717;p=sudo If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful message and return AUTH_FATAL so sudo does not keep trying to validate the user. --HG-- branch : 1.7 --- diff --git a/auth/pam.c b/auth/pam.c index ca2ef1069..c2a5b3e38 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -147,9 +147,9 @@ pam_verify(pw, prompt, auth) case PAM_SUCCESS: return(AUTH_SUCCESS); case PAM_AUTH_ERR: - log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %d", - *pam_status); - return(AUTH_FAILURE); + log_error(NO_EXIT|NO_MAIL, + "account validation failure, is your account locked?"); + return(AUTH_FATAL); case PAM_NEW_AUTHTOK_REQD: log_error(NO_EXIT|NO_MAIL, "%s, %s", "Account or password is expired",