summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-11-30 13:32:56 +0100
committerStephen Gallagher <sgallagh@redhat.com>2009-12-01 07:46:55 -0500
commitef79efc0c972e206d3dfa4923608a0aa97522987 (patch)
tree196065afcb4e6f372904bab19d2f8aa1f47405f9
parentfec8e03ce26a01a6c7304cb068038e2d0d8676df (diff)
downloadsssd_unused-ef79efc0c972e206d3dfa4923608a0aa97522987.tar.gz
sssd_unused-ef79efc0c972e206d3dfa4923608a0aa97522987.tar.xz
sssd_unused-ef79efc0c972e206d3dfa4923608a0aa97522987.zip
Immediately return a krb5 change password request when offline
-rw-r--r--server/providers/krb5/krb5_auth.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index d5c25039..8848a510 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -801,6 +801,13 @@ void krb5_pam_handler(struct be_req *be_req)
goto done;
}
+ if (be_is_offline(be_req->be_ctx) && pd->cmd == SSS_PAM_CHAUTHTOK) {
+ DEBUG(9, ("Password changes are not possible while offline.\n"));
+ pam_status = PAM_AUTHINFO_UNAVAIL;
+ dp_err = DP_ERR_OFFLINE;
+ goto done;
+ }
+
attrs = talloc_array(be_req, const char *, 4);
if (attrs == NULL) {
goto done;