GDM does not permit login when the user's password needs changing, as is commonly the case when a user logs in for the first time after a random initial password has been created for them by a system administrator. The following patch fixes this problem by allowing gdm to let PAM prompt for the new password: --- gdm-2.0beta2/daemon/verify.c.orig Wed Sep 1 16:08:51 1999 +++ gdm-2.0beta2/daemon/verify.c Mon Dec 20 15:48:31 1999 @@ -167,7 +167,12 @@ goto pamerr; } - if ((pamerr = pam_acct_mgmt (pamh, 0)) != PAM_SUCCESS) { + pamerr = pam_acct_mgmt(pamh,0); + if (pamerr == PAM_NEW_AUTHTOK_REQD) { + pamerr = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK); + } + + if (pamerr != PAM_SUCCESS) { gdm_error (_("Couldn't set acct. mgmt for %s"), login); goto pamerr; }
Thanks for the patch - I've applied it, and it will be in gdm-2.0beta2-18 in Rawhide very soon.