diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-08-14 14:12:18 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-09-07 14:37:15 +0200 |
commit | d49f68fb5313a3f4db111bbf698ac437823e782c (patch) | |
tree | 6adeb58690c0e4e52964a121bbcc70a96b4a531e /src/providers/krb5 | |
parent | e6709b54aae7cde6a3d6c73c756cb220a8129e2a (diff) | |
download | sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.tar.gz sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.tar.xz sssd-d49f68fb5313a3f4db111bbf698ac437823e782c.zip |
KRB5: Only return PAM error for unreachable kpasswd when performing chpass
https://fedorahosted.org/sssd/ticket/1452
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 0306426cc..34bc5641b 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -583,10 +583,12 @@ static void krb5_resolve_kpasswd_done(struct tevent_req *subreq) ret = be_resolve_server_recv(subreq, &state->kr->kpasswd_srv); talloc_zfree(subreq); - if (ret) { + if (ret != EOK && + (state->kr->pd->cmd == SSS_PAM_CHAUTHTOK || + state->kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) { /* all kpasswd servers have been tried and none was found good, but the * kdc seems ok. Password changes are not possible but - * authentication. We return an PAM error here, but do not mark the + * authentication is. We return an PAM error here, but do not mark the * backend offline. */ state->pam_status = PAM_AUTHTOK_LOCK_BUSY; state->dp_err = DP_ERR_OK; |