From ef79efc0c972e206d3dfa4923608a0aa97522987 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 30 Nov 2009 13:32:56 +0100
Subject: Immediately return a krb5 change password request when offline

---
 server/providers/krb5/krb5_auth.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'server')

diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index d5c25039c..8848a5103 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -801,6 +801,13 @@ void krb5_pam_handler(struct be_req *be_req)
         goto done;
     }
 
+    if (be_is_offline(be_req->be_ctx) && pd->cmd == SSS_PAM_CHAUTHTOK) {
+        DEBUG(9, ("Password changes are not possible while offline.\n"));
+        pam_status = PAM_AUTHINFO_UNAVAIL;
+        dp_err = DP_ERR_OFFLINE;
+        goto done;
+    }
+
     attrs = talloc_array(be_req, const char *, 4);
     if (attrs == NULL) {
         goto done;
-- 
cgit