login: add option to not reset username on each attempt

[kzak@redhat.com: - use different message on failed password]

Addresses: https://github.com/karelzak/util-linux/pull/1138
Addresses: https://github.com/karelzak/util-linux/issues/6
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/login-utils/login.1 b/login-utils/login.1
index 9bebaa0dec06c8cff58deeeff214667b653044e8..be770d19b0525f77b6aeec0dfd730f2c23e71a34 100644 (file)
--- a/login-utils/login.1
+++ b/login-utils/login.1
@@ -225,6 +225,15 @@ value is
 .IR 3 .
 .RE
 .PP
+.B LOGIN_KEEP_USERNAME
+(boolean)
+.RS 4
+Tell
+.B login
+to only re-prompt for the password if authentication failed, but the username is valid. The default value is
+.IR no .
+.RE
+.PP
 .B FAIL_DELAY
 (number)
 .RS 4

diff --git a/login-utils/login.c b/login-utils/login.c
index d11560a15e94585fc4e6651ce3400106db61ee24..248cfb2e305f0116d931eb8e6a7f200ab999cb89 100644 (file)
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -826,7 +826,7 @@ static pam_handle_t *init_loginpam(struct login_context *cxt)
 
 static void loginpam_auth(struct login_context *cxt)
 {
-       int rc, show_unknown;
+       int rc, show_unknown, keep_username;
        unsigned int retries, failcount = 0;
        const char *hostname = cxt->hostname ? cxt->hostname :
                               cxt->tty_name ? cxt->tty_name : "<unknown>";
@@ -837,6 +837,7 @@ static void loginpam_auth(struct login_context *cxt)
 
        show_unknown = getlogindefs_bool("LOG_UNKFAIL_ENAB", 0);
        retries = getlogindefs_num("LOGIN_RETRIES", LOGIN_MAX_TRIES);
+       keep_username = getlogindefs_bool("LOGIN_KEEP_USERNAME", 0);
 
        /*
         * There may be better ways to deal with some of these conditions, but
@@ -871,9 +872,13 @@ static void loginpam_auth(struct login_context *cxt)
                log_btmp(cxt);
                log_audit(cxt, 0);
 
-               fprintf(stderr, _("Login incorrect\n\n"));
 
-               pam_set_item(pamh, PAM_USER, NULL);
+               if (!keep_username || rc == PAM_USER_UNKNOWN) {
+                       pam_set_item(pamh, PAM_USER, NULL);
+                       fprintf(stderr, _("Login incorrect\n\n"));
+               } else
+                       fprintf(stderr, _("Password incorrect\n\n"));
+
                rc = pam_authenticate(pamh, 0);
        }