diff options
author | Sumit Bose <sbose@redhat.com> | 2014-03-11 13:16:14 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-03-12 18:51:09 +0100 |
commit | f8a49b3bff8d3969824fc7ba4e90d229f0c4edea (patch) | |
tree | 92e9952b6fab0e3ac9319c9532c1747c052df270 | |
parent | 83eedf41e97e3fae59d92c0331cb3d1dc62a9010 (diff) | |
download | sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.tar.gz sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.tar.xz sssd-f8a49b3bff8d3969824fc7ba4e90d229f0c4edea.zip |
IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password migration
Fixes https://fedorahosted.org/sssd/ticket/2279
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 63bf0b7697d5a51b5338070d0e2652d49a4728ce)
-rw-r--r-- | src/providers/krb5/krb5_child.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 461a27464..af303e6c8 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -986,6 +986,10 @@ static errno_t map_krb5_error(krb5_error_code kerr) case KRB5KRB_AP_ERR_BAD_INTEGRITY: return ERR_AUTH_FAILED; + /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying + * password migration would make sense. All Kerberos error codes which can + * be seen while migrating LDAP users to IPA should be added here. */ + case KRB5_PROG_ETYPE_NOSUPP: case KRB5_PREAUTH_FAILED: case KRB5KDC_ERR_PREAUTH_FAILED: return ERR_CREDS_INVALID; |