diff options
Diffstat (limited to 'daemons/ipa-kdb')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_passwords.c | 2 | ||||
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 33 |
2 files changed, 18 insertions, 17 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_passwords.c b/daemons/ipa-kdb/ipa_kdb_passwords.c index 18be9be01..28ec382d9 100644 --- a/daemons/ipa-kdb/ipa_kdb_passwords.c +++ b/daemons/ipa-kdb/ipa_kdb_passwords.c @@ -279,7 +279,7 @@ krb5_error_code ipadb_get_pwd_expiration(krb5_context context, time_t *expire_time) { krb5_error_code kerr; - krb5_timestamp mod_time; + krb5_timestamp mod_time = 0; krb5_principal mod_princ = NULL; krb5_boolean truexp = true; diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index ed5195fb9..249aed2f6 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -1587,6 +1587,23 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext, if (kerr) { goto done; } + + /* Also set new password expiration time. + * Have to do it here because kadmin doesn't know policies and + * resets entry->mask after we have gone through the password + * change code. */ + kerr = ipadb_get_pwd_expiration(kcontext, entry, + ied, &expire_time); + if (kerr) { + goto done; + } + + kerr = ipadb_get_ldap_mod_time(imods, + "krbPasswordExpiration", + expire_time, mod_op); + if (kerr) { + goto done; + } } if (ied->ipa_user && ied->passwd && ied->pol.history_length) { @@ -1605,22 +1622,6 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext, goto done; } } - - /* Also set new password expiration time. - * Have to do it here because kadmin doesn't know policies and resets - * entry->mask after we have gone through the password change code. - */ - kerr = ipadb_get_pwd_expiration(kcontext, entry, ied, &expire_time); - if (kerr) { - goto done; - } - - kerr = ipadb_get_ldap_mod_time(imods, - "krbPasswordExpiration", - expire_time, mod_op); - if (kerr) { - goto done; - } } kerr = 0; |