summaryrefslogtreecommitdiff
path: root/server/providers
diff options
context:
space:
mode:
Diffstat (limited to 'server/providers')
-rw-r--r--server/providers/krb5/krb5_child.c1
-rw-r--r--server/providers/ldap/ldap_auth.c8
2 files changed, 6 insertions, 3 deletions
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c
index 08e16b4a..b7303260 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -579,6 +579,7 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
result_string.length, result_string.data));
}
+ pam_status = PAM_AUTHTOK_ERR;
goto sendresponse;
}
diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c
index fbb4e53b..1d1346c0 100644
--- a/server/providers/ldap/ldap_auth.c
+++ b/server/providers/ldap/ldap_auth.c
@@ -772,7 +772,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
if (pw_expire_type == PWEXPIRE_SHADOW) {
/* TODO: implement async ldap modify request */
DEBUG(1, ("Changing shadow password attributes not implemented.\n"));
- state->pd->pam_status = PAM_SYSTEM_ERR;
+ state->pd->pam_status = PAM_MODULE_UNKNOWN;
goto done;
} else {
subreq = sdap_exop_modify_passwd_send(state,
@@ -791,7 +791,9 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
return;
}
break;
-
+ case SDAP_AUTH_FAILED:
+ state->pd->pam_status = PAM_AUTH_ERR;
+ break;
default:
state->pd->pam_status = PAM_SYSTEM_ERR;
}
@@ -821,7 +823,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
dp_err = DP_ERR_OK;
break;
default:
- state->pd->pam_status = PAM_SYSTEM_ERR;
+ state->pd->pam_status = PAM_AUTHTOK_ERR;
}
done: