X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?p=xscreensaver;a=blobdiff_plain;f=driver%2Fpasswd-pam.c;h=52347aad5f3fcd10e7e00e5545f48cfaea1be149;hp=a5abb806cef71521c5291cb6c0baded8270e75f4;hb=447db08c956099b3b183886729108bf5b364c4b8;hpb=2d04c4f22466851aedb6ed0f2919d148f726b889

diff --git a/driver/passwd-pam.c b/driver/passwd-pam.c
index a5abb806..52347aad 100644
--- a/driver/passwd-pam.c
+++ b/driver/passwd-pam.c
@@ -258,6 +258,18 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
              blurb(), status, PAM_STRERROR(pamh, status));
   if (status == PAM_SUCCESS)  /* Win! */
     {
+      int status2;
+
+      /* We don't actually care if the account modules fail or succeed,
+       * but we need to run them anyway because certain pam modules
+       * depend on side effects of the account modules getting run.
+       */
+      status2 = pam_acct_mgmt (pamh, 0);
+
+      if (verbose_p)
+        fprintf (stderr, "%s:   pam_acct_mgmt (...) ==> %d (%s)\n",
+                 blurb(), status2, PAM_STRERROR(pamh, status2));
+
       /* Each time we successfully authenticate, refresh credentials,
          for Kerberos/AFS/DCE/etc.  If this fails, just ignore that
          failure and blunder along; it shouldn't matter.
@@ -267,7 +279,7 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
          says that the Linux PAM library ignores that one, and only refreshes
          credentials when using PAM_REINITIALIZE_CRED.
        */
-      int status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED);
+      status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED);
       if (verbose_p)
         fprintf (stderr, "%s:   pam_setcred (...) ==> %d (%s)\n",
                  blurb(), status2, PAM_STRERROR(pamh, status2));