diff options
author | Sumit Bose <sbose@redhat.com> | 2015-03-25 12:04:57 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2015-05-08 09:14:23 +0200 |
commit | 2d0e7658198d1aa6e3926bf967ff683660249114 (patch) | |
tree | e57cb8d24bcaeef6bbe5faaf8b068813878d955b /src | |
parent | c5ae04b2da970a3991f21173acae3e892198ce0c (diff) | |
download | sssd-2d0e7658198d1aa6e3926bf967ff683660249114.tar.gz sssd-2d0e7658198d1aa6e3926bf967ff683660249114.tar.xz sssd-2d0e7658198d1aa6e3926bf967ff683660249114.zip |
krb5: try delayed online authentication only for single factor auth
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index b003a8a00..91989df42 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -207,6 +207,13 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, const char *password = NULL; errno_t ret; + if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Delayed authentication is only available for password " + "authentication (single factor).\n"); + return; + } + ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, |