-# endif
-# ifdef WITH_AIXAUTHENTICATE
- {
- char *authmsg;
- int reenter = 1;
- int authsuccess = (authenticate(pw->pw_name, password,
- &reenter, &authmsg) == 0);
- aix_remove_embedded_newlines(authmsg);
-
- if (authsuccess) {
- char *msg;
- char *host =
- (char *)get_canonical_hostname(options.use_dns);
-
- debug3("AIX/authenticate succeeded for user %s: %.100s",
- pw->pw_name, authmsg);
-
- /* No pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user, host, "ssh",
- &msg) == 0){
- if (msg != NULL) {
- debug("%s: msg %s", __func__, msg);
- buffer_append(&loginmsg, msg,
- strlen(msg));
- xfree(msg);
- }
- }
- } else
- debug3("AIX/authenticate failed for user %s: %.100s",
- pw->pw_name, authmsg);
-
- if (authmsg != NULL)
- xfree(authmsg);
-
- return (authsuccess);
- }
-# endif
-# ifdef KRB4
- if (options.kerberos_authentication == 1) {
- int ret = auth_krb4_password(authctxt, password);
- if (ret == 1 || ret == 0)
- return ret;
- /* Fall back to ordinary passwd authentication. */
+#endif
+#ifdef USE_PAM
+ if (options.use_pam)
+ return (sshpam_auth_passwd(authctxt, password) && ok);
+#endif
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ if (!expire_checked) {
+ expire_checked = 1;
+ if (auth_shadow_pwexpired(authctxt))
+ authctxt->force_pwchange = 1;