- /* XXX: should we really loop forever? */
- do {
- pam_retval = pam_chauthtok(pamh,
- PAM_CHANGE_EXPIRED_AUTHTOK);
- if (pam_retval != PAM_SUCCESS)
- log("PAM pam_chauthtok failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(pamh, pam_retval));
- } while (pam_retval != PAM_SUCCESS);
+ pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM pam_chauthtok failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(__pamh, pam_retval));
+#if 0
+ /* XXX: This would need to be done in the parent process,
+ * but there's currently no way to pass such request. */
+ no_port_forwarding_flag &= ~2;
+ no_agent_forwarding_flag &= ~2;
+ no_x11_forwarding_flag &= ~2;
+ if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
+ channel_permit_all_opens();
+#endif