diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2012-08-14 14:12:18 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-10-15 15:34:58 +0200 |
| commit | 01d4ea3569e143ff56833ae2f321aadde9a9e650 (patch) | |
| tree | 9e97439922bb73e0bbd29b41abebc932bb507a8c | |
| parent | f45e0a3c42e49d155dfd7557613843355e638453 (diff) | |
| download | sssd-01d4ea3569e143ff56833ae2f321aadde9a9e650.tar.gz sssd-01d4ea3569e143ff56833ae2f321aadde9a9e650.tar.xz sssd-01d4ea3569e143ff56833ae2f321aadde9a9e650.zip | |
KRB5: Only return PAM error for unreachable kpasswd when performing chpassrhel6.3
https://fedorahosted.org/sssd/ticket/1452
| -rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 7810c250f..83dcfae82 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -583,10 +583,12 @@ static void krb5_resolve_kpasswd_done(struct tevent_req *subreq) ret = be_resolve_server_recv(subreq, &state->kr->kpasswd_srv); talloc_zfree(subreq); - if (ret) { + if (ret != EOK && + (state->kr->pd->cmd == SSS_PAM_CHAUTHTOK || + state->kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) { /* all kpasswd servers have been tried and none was found good, but the * kdc seems ok. Password changes are not possible but - * authentication. We return an PAM error here, but do not mark the + * authentication is. We return an PAM error here, but do not mark the * backend offline. */ state->pam_status = PAM_AUTHTOK_LOCK_BUSY; state->dp_err = DP_ERR_OK; |