diff --git a/ChangeLog b/ChangeLog index 48336987c..384e1578b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20011028 - (djm) Avoid bug in Solaris PAM libs - (djm) Disconnect if no tty and PAM reports password expired + - (djm) Fix for PAM password changes being echoed (from stevesk) 20011027 - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb) @@ -6778,4 +6779,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1623 2001/10/28 11:34:52 djm Exp $ +$Id: ChangeLog,v 1.1624 2001/10/28 11:36:55 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 2767eb156..08ba132a4 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -35,7 +35,7 @@ extern char *__progname; -RCSID("$Id: auth-pam.c,v 1.38 2001/10/28 11:33:48 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.39 2001/10/28 11:36:56 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -87,7 +87,7 @@ int do_pam_authenticate(int flags) * messages with into __pam_msg. This is used during initial * authentication to bypass the normal PAM password prompt. * - * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1) + * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase() * and outputs messages to stderr. This mode is used if pam_chauthtok() * is called to update expired passwords. */ @@ -146,9 +146,9 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_OFF: - reply[count].resp = xstrdup( + reply[count].resp = read_passphrase(PAM_MSG_MEMBER(msg, count, - msg), 1)); + msg), RP_ALLOW_STDIN)); reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: