krb5: try delayed online authentication only for single factor auth

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Sumit Bose <sbose@redhat.com> 2015-03-25 12:04:57 +0100
committer: Sumit Bose <sbose@redhat.com> 2015-05-08 09:14:23 +0200
commit: 2d0e7658198d1aa6e3926bf967ff683660249114 (patch)
tree: e57cb8d24bcaeef6bbe5faaf8b068813878d955b
parent: c5ae04b2da970a3991f21173acae3e892198ce0c (diff)
download: sssd-2d0e7658198d1aa6e3926bf967ff683660249114.tar.gz
sssd-2d0e7658198d1aa6e3926bf967ff683660249114.tar.xz
sssd-2d0e7658198d1aa6e3926bf967ff683660249114.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b003a8a00..91989df42 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -207,6 +207,13 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
     const char *password = NULL;
     errno_t ret;
 
+    if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Delayed authentication is only available for password "
+              "authentication (single factor).\n");
+        return;
+    }
+
     ret = sss_authtok_get_password(pd->authtok, &password, NULL);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE,
author	Sumit Bose <sbose@redhat.com>	2015-03-25 12:04:57 +0100
committer	Sumit Bose <sbose@redhat.com>	2015-05-08 09:14:23 +0200
commit	2d0e7658198d1aa6e3926bf967ff683660249114 (patch)
tree	e57cb8d24bcaeef6bbe5faaf8b068813878d955b
parent	c5ae04b2da970a3991f21173acae3e892198ce0c (diff)
download	sssd-2d0e7658198d1aa6e3926bf967ff683660249114.tar.gz sssd-2d0e7658198d1aa6e3926bf967ff683660249114.tar.xz sssd-2d0e7658198d1aa6e3926bf967ff683660249114.zip