summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-kdb/ipa_kdb_principals.c
diff options
context:
space:
mode:
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_principals.c')
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c33
1 files changed, 17 insertions, 16 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index ed5195fb..249aed2f 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1587,6 +1587,23 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
if (kerr) {
goto done;
}
+
+ /* Also set new password expiration time.
+ * Have to do it here because kadmin doesn't know policies and
+ * resets entry->mask after we have gone through the password
+ * change code. */
+ kerr = ipadb_get_pwd_expiration(kcontext, entry,
+ ied, &expire_time);
+ if (kerr) {
+ goto done;
+ }
+
+ kerr = ipadb_get_ldap_mod_time(imods,
+ "krbPasswordExpiration",
+ expire_time, mod_op);
+ if (kerr) {
+ goto done;
+ }
}
if (ied->ipa_user && ied->passwd && ied->pol.history_length) {
@@ -1605,22 +1622,6 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
goto done;
}
}
-
- /* Also set new password expiration time.
- * Have to do it here because kadmin doesn't know policies and resets
- * entry->mask after we have gone through the password change code.
- */
- kerr = ipadb_get_pwd_expiration(kcontext, entry, ied, &expire_time);
- if (kerr) {
- goto done;
- }
-
- kerr = ipadb_get_ldap_mod_time(imods,
- "krbPasswordExpiration",
- expire_time, mod_op);
- if (kerr) {
- goto done;
- }
}
kerr = 0;
generated by cgit (git 2.34.1) at 2024-05-04 07:54:52 +0000