diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-28 16:00:59 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-29 11:58:22 +0100 |
commit | 83011d97d17bd00e99ccf1e0302167a6bc0db84e (patch) | |
tree | 62ab811ca39b5f0a0dbad92a2bf0d338fd6246bb /src/providers | |
parent | e60b425ddc0e24178d044bef04ab7349ac7a7826 (diff) | |
download | sssd-83011d97d17bd00e99ccf1e0302167a6bc0db84e.tar.gz sssd-83011d97d17bd00e99ccf1e0302167a6bc0db84e.tar.xz sssd-83011d97d17bd00e99ccf1e0302167a6bc0db84e.zip |
KRB5: Go offline in case of clock skew
https://fedorahosted.org/sssd/ticket/1096
In case the KDC has skewed time, we can retry with the next one and
eventually go offline if no KDC has time in sync with the client.
Previously, authentication with wrong time resulted in System Error.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index bd937e808..585922320 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -986,6 +986,7 @@ static errno_t map_krb5_error(krb5_error_code kerr) case KRB5_LIBOS_CANTREADPWD: return ERR_NO_CREDS; + case KRB5KRB_AP_ERR_SKEW: case KRB5_KDC_UNREACH: case KRB5_REALM_CANT_RESOLVE: return ERR_NETWORK_IO; |