PAM module does never accept a valid fingerprint on the last try
The pam module seems to never accept a valid fingerprint using the last try, which might be the only try when using max-tries=1
.
This probably was introduced with this if statement, which makes PAM return an error after the last try regardless if the value of ret
is PAM_SUCCESS
.
I'd suggest to use instead:
if (ret == PAM_AUTH_ERR && data->max_tries == 0)
ret = PAM_MAXTRIES;
or to add break statements to the other else if
branches in lines 418 and 420.
Thanks for this great project!