summaryrefslogtreecommitdiff
path: root/sss_client
diff options
context:
space:
mode:
Diffstat (limited to 'sss_client')
-rw-r--r--sss_client/pam_sss.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 6fb76370..d03407c9 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -170,9 +170,18 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
struct pam_response *resp=NULL;
int pam_status;
char *newpwd[2];
+ int forward_pass = 0;
D(("Hello pam_sssd: %d", task));
+ for (; argc-- > 0; ++argv) {
+ if (strcmp(*argv, "forward_pass") == 0) {
+ forward_pass = 1;
+ } else {
+ D(("unknown option: %s", *argv));
+ }
+ }
+
/* TODO: add useful prelim check */
if (task == SSS_PAM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK)) {
D(("ignoring PAM_PRELIM_CHECK"));
@@ -226,6 +235,13 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
}
pi.pam_authtok_size=strlen(pi.pam_authtok);
+
+ if (forward_pass != 0) {
+ ret = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
+ if (ret != PAM_SUCCESS) {
+ D(("Failed to set PAM_AUTHTOK, authtok may not be available for other modules"));
+ }
+ }
}
if (task == SSS_PAM_CHAUTHTOK) {