sssd.git - sssd with jhrozek's patches

diff options

author	Sumit Bose <sbose@redhat.com>	2012-11-14 14:56:47 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-11-20 08:20:02 +0100
commit	fe70898910c39851f0d5efa3c0a305f660f44662 (patch)
tree	82490accff226f18f0ed45488d559a07d9f672a8 /src/providers/data_provider_be.c
parent	b7cb82d8d2b4c79071bb2d3e2e0c2086d4ae2ec2 (diff)
download	sssd-fe70898910c39851f0d5efa3c0a305f660f44662.tar.gz sssd-fe70898910c39851f0d5efa3c0a305f660f44662.tar.xz sssd-fe70898910c39851f0d5efa3c0a305f660f44662.zip

Disable canonicalization during password changes

If canonicalization is enabled Active Directory KDCs return 'krbtgt/AD.DOMAIN' as service name instead of the expected 'kadmin/changepw' which causes a 'KDC reply did not match expectations' error. Additionally the forwardable and proxiable flags are disabled, the renewable lifetime is set to 0 and the lifetime of the ticket is set to 5 minutes as recommended in https://fedorahosted.org/sssd/ticket/1405 and also done by the kpasswd utility. Fixes: https://fedorahosted.org/sssd/ticket/1405 https://fedorahosted.org/sssd/ticket/1615

Diffstat (limited to 'src/providers/data_provider_be.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: