diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-18 22:03:13 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-30 16:36:50 +0100 |
commit | d969ba46904766480d65cf8c13e92210dc15227f (patch) | |
tree | 111c862a5676fe538aafdb7a1b0d4f4ac025f4f5 /src/util | |
parent | 1710f23d8195ae8438b5c64cf9b745fb464c9a0d (diff) | |
download | sssd-d969ba46904766480d65cf8c13e92210dc15227f.tar.gz sssd-d969ba46904766480d65cf8c13e92210dc15227f.tar.xz sssd-d969ba46904766480d65cf8c13e92210dc15227f.zip |
KRB5: Move all ccache operations to krb5_child.c
The credential cache operations must be now performed by the krb5_child
completely, because the sssd_be process might be running as the sssd
user who doesn't have access to the ccaches.
src/providers/krb5/krb5_ccache.c is still linked against libsss_krb5
until we fix Kerberos ticket renewal as non-root.
Also includes a new error code that indicates that the back end should
remove the old ccache attribute -- the child can't do that if it's
running as the user.
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/util_errors.c | 1 | ||||
-rw-r--r-- | src/util/util_errors.h | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/src/util/util_errors.c b/src/util/util_errors.c index d5da64622..c1ed0fb63 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -31,6 +31,7 @@ struct err_string error_to_str[] = { { "Invalid credential type" }, /* ERR_INVALID_CRED_TYPE */ { "No credentials available" }, /* ERR_NO_CREDS */ { "Credentials are expired" }, /* ERR_CREDS_EXPIRED */ + { "Credentials are expired, old ccache was removed" }, /* ERR_CREDS_EXPIRED_CCACHE */ { "Failure setting user credentials"}, /* ERR_CREDS_INVALID */ { "No cached credentials available" }, /* ERR_NO_CACHED_CREDS */ { "Cached credentials are expired" }, /* ERR_CACHED_CREDS_EXPIRED */ diff --git a/src/util/util_errors.h b/src/util/util_errors.h index 2bc576605..f71ede8d0 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -56,6 +56,7 @@ enum sssd_errors { ERR_CREDS_INVALID, ERR_NO_CACHED_CREDS, ERR_CACHED_CREDS_EXPIRED, + ERR_CREDS_EXPIRED_CCACHE, ERR_AUTH_DENIED, ERR_AUTH_FAILED, ERR_CHPASS_DENIED, |