From 7de0ab21d939a5a304157f75918d0318a95261a3 Mon Sep 17 00:00:00 2001
From: Mario Abajo <marioabajo@gmail.com>
Date: Thu, 6 May 2021 02:10:47 +0200
Subject: [PATCH] login: permit change expired password wit PAM

Signed-off-by: Mario Abajo <marioabajo@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 loginutils/login.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/loginutils/login.c b/loginutils/login.c
index 66ac7cf4c..ce87e318a 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -442,6 +442,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
 		}
 		/* check that the account is healthy */
 		pamret = pam_acct_mgmt(pamh, 0);
+		if (pamret == PAM_NEW_AUTHTOK_REQD) {
+			pamret = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+		}
 		if (pamret != PAM_SUCCESS) {
 			failed_msg = "acct_mgmt";
 			goto pam_auth_failed;