KRB5: Handle ERR_CHPASS_FAILED

The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which
resulted in the default return code (System Error) to be returned if
password change failed for pretty much any reason, including password
too recent etc.

1 files changed, 6 insertions, 0 deletions

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b4c205789..ce461f5ad 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1024,6 +1024,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
         ret = EOK;
         goto done;
 
+    case ERR_CHPASS_FAILED:
+        state->pam_status = PAM_AUTHTOK_ERR;
+        state->dp_err = DP_ERR_OK;
+        ret = EOK;
+        goto done;
+
     default:
         state->pam_status = PAM_SYSTEM_ERR;
         state->dp_err = DP_ERR_OK;