diff options
author | Sumit Bose <sbose@redhat.com> | 2014-03-11 13:16:14 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-03-12 14:33:20 +0100 |
commit | 63bf0b7697d5a51b5338070d0e2652d49a4728ce (patch) | |
tree | a40fc1e01ea68526b965bcf4fa419e23586b627e /src | |
parent | 36f606d6743e77721bedeed0907f1be7a19fa4f4 (diff) | |
download | sssd-63bf0b7697d5a51b5338070d0e2652d49a4728ce.tar.gz sssd-63bf0b7697d5a51b5338070d0e2652d49a4728ce.tar.xz sssd-63bf0b7697d5a51b5338070d0e2652d49a4728ce.zip |
IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password migration
Fixes https://fedorahosted.org/sssd/ticket/2279
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 1a677b865..1bff0e99b 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -990,6 +990,10 @@ static errno_t map_krb5_error(krb5_error_code kerr) case KRB5KRB_AP_ERR_BAD_INTEGRITY: return ERR_AUTH_FAILED; + /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying + * password migration would make sense. All Kerberos error codes which can + * be seen while migrating LDAP users to IPA should be added here. */ + case KRB5_PROG_ETYPE_NOSUPP: case KRB5_PREAUTH_FAILED: case KRB5KDC_ERR_PREAUTH_FAILED: return ERR_CREDS_INVALID; |