diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
index b8e4321f1..a723e381e 100644
--- a/etc/pam.d/Makefile.am
+++ b/etc/pam.d/Makefile.am
@@ -11,7 +11,6 @@ pamd_files = \
passwd
pamd_acct_tools_files = \
- chage \
chgpasswd \
groupadd \
groupdel \
diff --git a/etc/pam.d/chage b/etc/pam.d/chage
deleted file mode 100644
index 8f49f5cc8..000000000
--- a/etc/pam.d/chage
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth sufficient pam_rootok.so
-account required pam_permit.so
-password include system-auth
diff --git a/man/chage.1.xml b/man/chage.1.xml
index 060409b83..b58011185 100644
--- a/man/chage.1.xml
+++ b/man/chage.1.xml
@@ -208,8 +208,7 @@
found under the directory PREFIX_DIR.
This option does not chroot and is intended for preparing a cross-compilation
target. Some limitations: NIS and LDAP users/groups are
- not verified. PAM authentication is using the host files.
- No SELINUX support.
+ not verified. No SELINUX support.
diff --git a/src/Makefile.am b/src/Makefile.am
index d4e6f3ab7..698181509 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -99,7 +99,7 @@ else
LIBCRYPT_NOPAM = $(LIBCRYPT)
endif
-chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
+chage_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
diff --git a/src/chage.c b/src/chage.c
index a7933e0d8..aed8e5b6f 100644
--- a/src/chage.c
+++ b/src/chage.c
@@ -19,11 +19,6 @@
#include
#include
#include
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include
#include "atoi/a2i/a2s.h"
@@ -474,23 +469,10 @@ static void check_flags (int argc, int opt_index)
* (we will later make sure that the user is only listing her aging
* information)
*
- * With PAM support, the setuid bit can be set on chage to allow
- * non-root users to groups.
- * Without PAM support, only users who can write in the group databases
- * can add groups.
- *
* It will not return if the user is not allowed.
*/
static void check_perms (void)
{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- struct passwd *pampw;
- int retval;
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-
/*
* An unprivileged user can ask for their own aging information, but
* only root can change it, or list another user's aging
@@ -501,39 +483,6 @@ static void check_perms (void)
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
fail_exit (E_NOPERM);
}
-
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pampw) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- exit (E_NOPERM);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- fail_exit (E_NOPERM);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
}
/*