diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-05-02 14:55:07 -0400 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-05-22 16:46:01 +0200 |
commit | 58f8ebf49148172c6f3b1d22bcd7ea0fb3fb21c7 (patch) | |
tree | 9852cdbefc109f4901a83a2d12d9ed1cdafe03d3 /daemons/ipa-kdb | |
parent | 86f943ca180a72c4cfa3a8a03226f2471a97981b (diff) | |
download | freeipa-58f8ebf49148172c6f3b1d22bcd7ea0fb3fb21c7.tar.gz freeipa-58f8ebf49148172c6f3b1d22bcd7ea0fb3fb21c7.tar.xz freeipa-58f8ebf49148172c6f3b1d22bcd7ea0fb3fb21c7.zip |
kdb: Don't provide password expiration when using only RADIUS
If the KDC doesn't use the FreeIPA password for authentication, then it is
futile to provide this information. Doing so will only confuse the user. It
also causes password change dialogues when the password is irrelevant.
https://fedorahosted.org/freeipa/ticket/4299
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons/ipa-kdb')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index f0be76ea7..d2be98886 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -429,6 +429,10 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext, switch (ret) { case 0: entry->pw_expiration = restime; + + /* If we are using only RADIUS, we don't know expiration. */ + if (ua == IPADB_USER_AUTH_RADIUS) + entry->pw_expiration = 0; case ENOENT: break; default: |