don't log failure to do nslcd request to user and log authentication errors during password change

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1128 ef36b2f9-881f-0410-afb5-c4e39611909c
author: Arthur de Jong <arthur@arthurdejong.org> 2010-06-01 22:04:11 +0200
committer: Arthur de Jong <arthur@arthurdejong.org> 2010-06-01 22:04:11 +0200
commit: cc014bf0165d3e952465fb473de7335ba43b2eeb (patch)
tree: 948967c8f1577542f936e6fc3cd87c19917437b2 /pam
parent: e3ce3b22a7a66773082c763f14883a76613d43cc (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/pam/pam.c b/pam/pam.c
index cff833a..d52ce27 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -438,12 +438,7 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc,const char **argv)
   else if ((rc==PAM_USER_UNKNOWN)&&cfg.ignore_unknown_user)
     rc=PAM_IGNORE;
   if (rc!=PAM_SUCCESS)
-  {
-    if (rc!=PAM_IGNORE)
-      if (!cfg.no_warn)
-        pam_error(pamh,"LDAP authorization failed");
     return rc;
-  }
   /* check the returned authorisation value */
   if (ctx2.authz!=PAM_SUCCESS)
   {
@@ -571,6 +566,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc,const char **argv)
       rc=PAM_IGNORE;
     else if ((rc==PAM_USER_UNKNOWN)&&cfg.ignore_unknown_user)
       rc=PAM_IGNORE;
+    /* log error or success */
+    if (rc!=PAM_SUCCESS)
+      pam_syslog(pamh,LOG_NOTICE,"%s; user=%s",pam_strerror(pamh,rc),username);
+    else if (cfg.debug)
+      pam_syslog(pamh,LOG_DEBUG,"authentication succeeded");
     /* TODO: figure out when to return PAM_TRY_AGAIN */
     /* TODO: if password is incorrect (NSLCD_PAM_AUTH_ERR) log that */
     return rc;
author	Arthur de Jong <arthur@arthurdejong.org>	2010-06-01 22:04:11 +0200
committer	Arthur de Jong <arthur@arthurdejong.org>	2010-06-01 22:04:11 +0200
commit	cc014bf0165d3e952465fb473de7335ba43b2eeb (patch)
tree	948967c8f1577542f936e6fc3cd87c19917437b2 /pam
parent	e3ce3b22a7a66773082c763f14883a76613d43cc (diff)