summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRalf Haferkamp <rhafer@suse.de>2010-03-12 14:42:09 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-03-15 08:15:23 -0400
commit115d0ab97d1d6dcfabcfbef797038775ff346d67 (patch)
tree38d603b29df98cf0c8560ebad3136fe93ecafdd7
parent5f92a563ea89f4fb82401168cf65fff4b85124cc (diff)
downloadsssd-115d0ab97d1d6dcfabcfbef797038775ff346d67.tar.gz
sssd-115d0ab97d1d6dcfabcfbef797038775ff346d67.tar.xz
sssd-115d0ab97d1d6dcfabcfbef797038775ff346d67.zip
Fixed authentication check for CHAUTHTOK_PRELIM
When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful authentication in SSS_PAM_CHAUTHTOK_PRELIM.
-rw-r--r--src/providers/ldap/ldap_auth.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index ba1136bdd..522870307 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -721,7 +721,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
goto done;
}
- if (result == SDAP_AUTH_SUCCESS &&
+ if ( (result == SDAP_AUTH_SUCCESS || result == SDAP_AUTH_PW_EXPIRED ) &&
state->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
DEBUG(9, ("Initial authentication for change password operation "
"successful.\n"));