diff options
author | Sumit Bose <sbose@redhat.com> | 2012-11-14 14:56:47 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-20 08:20:02 +0100 |
commit | fe70898910c39851f0d5efa3c0a305f660f44662 (patch) | |
tree | 82490accff226f18f0ed45488d559a07d9f672a8 /COPYING | |
parent | b7cb82d8d2b4c79071bb2d3e2e0c2086d4ae2ec2 (diff) | |
download | sssd-fe70898910c39851f0d5efa3c0a305f660f44662.tar.gz sssd-fe70898910c39851f0d5efa3c0a305f660f44662.tar.xz sssd-fe70898910c39851f0d5efa3c0a305f660f44662.zip |
Disable canonicalization during password changes
If canonicalization is enabled Active Directory KDCs return
'krbtgt/AD.DOMAIN' as service name instead of the expected
'kadmin/changepw' which causes a 'KDC reply did not match expectations'
error.
Additionally the forwardable and proxiable flags are disabled, the
renewable lifetime is set to 0 and the lifetime of the ticket is set to
5 minutes as recommended in https://fedorahosted.org/sssd/ticket/1405
and also done by the kpasswd utility.
Fixes: https://fedorahosted.org/sssd/ticket/1405
https://fedorahosted.org/sssd/ticket/1615
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions