KRB5: Only return PAM error for unreachable kpasswd when performing chpass

https://fedorahosted.org/sssd/ticket/1452
author: Jakub Hrozek <jhrozek@redhat.com> 2012-08-14 14:12:18 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-09-07 14:37:15 +0200
commit: d49f68fb5313a3f4db111bbf698ac437823e782c (patch)
tree: 6adeb58690c0e4e52964a121bbcc70a96b4a531e
parent: e6709b54aae7cde6a3d6c73c756cb220a8129e2a (diff)
download: sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.tar.gz
sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.tar.xz
sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 0306426cc..34bc5641b 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -583,10 +583,12 @@ static void krb5_resolve_kpasswd_done(struct tevent_req *subreq)
 
     ret = be_resolve_server_recv(subreq, &state->kr->kpasswd_srv);
     talloc_zfree(subreq);
-    if (ret) {
+    if (ret != EOK &&
+        (state->kr->pd->cmd == SSS_PAM_CHAUTHTOK ||
+         state->kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) {
         /* all kpasswd servers have been tried and none was found good, but the
          * kdc seems ok. Password changes are not possible but
-         * authentication. We return an PAM error here, but do not mark the
+         * authentication is. We return an PAM error here, but do not mark the
          * backend offline. */
         state->pam_status = PAM_AUTHTOK_LOCK_BUSY;
         state->dp_err = DP_ERR_OK;
author	Jakub Hrozek <jhrozek@redhat.com>	2012-08-14 14:12:18 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-09-07 14:37:15 +0200
commit	d49f68fb5313a3f4db111bbf698ac437823e782c (patch)
tree	6adeb58690c0e4e52964a121bbcc70a96b4a531e
parent	e6709b54aae7cde6a3d6c73c756cb220a8129e2a (diff)
download	sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.tar.gz sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.tar.xz sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.zip