pkgs/pam_ldap/patches/pam_ldap-176-authenticateOnChangeExpiredAuthtok.patch

   1 --- pam_ldap-176/pam_ldap.c     2011-01-06 07:37:12.000000000 -0800
   2 +++ pam_ldap-176/pam_ldap.c     2011-01-06 07:38:59.000000000 -0800
   3 @@ -3415,7 +3415,7 @@
   4        if (rc != PAM_SUCCESS)
   5         return rc;
   6
   7 -      if (!(session->conf->rootbinddn && getuid () == 0))
   8 +      if (!(session->conf->rootbinddn && getuid () == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)))
   9         {
  10           /* we are not root, authenticate old password */
  11           if (try_first_pass || use_first_pass)