From b40583c6d52b72e41bf01106534535e54b4fba4f Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Fri, 8 Mar 2013 12:06:10 -0500 Subject: Add support for krb5 1.11's responder callback. krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only). --- src/providers/krb5/krb5_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/providers/krb5/krb5_auth.c') diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index e41e1a1e8..d3e11a2db 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -1107,7 +1107,7 @@ static void krb5_auth_done(struct tevent_req *subreq) goto done; } - if (state->be_ctx->domain->cache_credentials == TRUE) { + if (state->be_ctx->domain->cache_credentials == TRUE && !res->otp) { krb5_auth_store_creds(state->sysdb, state->domain, pd); } -- cgit