IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password migration

Fixes https://fedorahosted.org/sssd/ticket/2279 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 63bf0b7697d5a51b5338070d0e2652d49a4728ce)
author: Sumit Bose <sbose@redhat.com> 2014-03-11 13:16:14 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-03-12 18:51:09 +0100
commit: f8a49b3bff8d3969824fc7ba4e90d229f0c4edea (patch)
tree: 92e9952b6fab0e3ac9319c9532c1747c052df270
parent: 83eedf41e97e3fae59d92c0331cb3d1dc62a9010 (diff)
download: sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.tar.gz
sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.tar.xz
sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 461a27464..af303e6c8 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -986,6 +986,10 @@ static errno_t map_krb5_error(krb5_error_code kerr)
     case KRB5KRB_AP_ERR_BAD_INTEGRITY:
         return ERR_AUTH_FAILED;
 
+    /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying
+     * password migration would make sense. All Kerberos error codes which can
+     * be seen while migrating LDAP users to IPA should be added here. */
+    case KRB5_PROG_ETYPE_NOSUPP:
     case KRB5_PREAUTH_FAILED:
     case KRB5KDC_ERR_PREAUTH_FAILED:
         return ERR_CREDS_INVALID;
author	Sumit Bose <sbose@redhat.com>	2014-03-11 13:16:14 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-03-12 18:51:09 +0100
commit	f8a49b3bff8d3969824fc7ba4e90d229f0c4edea (patch)
tree	92e9952b6fab0e3ac9319c9532c1747c052df270
parent	83eedf41e97e3fae59d92c0331cb3d1dc62a9010 (diff)
download	sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.tar.gz sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.tar.xz sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.zip