</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>try_authtok</term>
+ <listitem><para>
+ Same as the use_authtok option (previous item), except that if the new password is not
+ valid, PAM will prompt for a password.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term>krb5_auth</term>
<listitem><para>
ctrl |= WINBIND_SILENT;
else if (!strcasecmp(*v, "use_authtok"))
ctrl |= WINBIND_USE_AUTHTOK_ARG;
+ else if (!strcasecmp(*v, "try_authtok"))
+ ctrl |= WINBIND_TRY_AUTHTOK_ARG;
else if (!strcasecmp(*v, "use_first_pass"))
ctrl |= WINBIND_USE_FIRST_PASS_ARG;
else if (!strcasecmp(*v, "try_first_pass"))
if (on(WINBIND_USE_AUTHTOK_ARG, lctrl)) {
lctrl |= WINBIND_USE_FIRST_PASS_ARG;
}
+ if (on(WINBIND_TRY_AUTHTOK_ARG, lctrl)) {
+ lctrl |= WINBIND_TRY_FIRST_PASS_ARG;
+ }
retry = 0;
ret = PAM_AUTHTOK_ERR;
while ((ret != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) {
#define WINBIND_DEBUG_STATE 0x00001000
#define WINBIND_WARN_PWD_EXPIRE 0x00002000
#define WINBIND_MKHOMEDIR 0x00004000
+#define WINBIND_TRY_AUTHTOK_ARG 0x00008000
#if defined(HAVE_GETTEXT) && !defined(__LCLINT__)
#define _(string) dgettext(MODULE_NAME, string)