diff options
author | Sumit Bose <sbose@redhat.com> | 2009-11-04 12:39:00 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-20 16:46:47 -0500 |
commit | 0e4eba0a994d286ae0832adc1731ab2dc10c5ff9 (patch) | |
tree | b787c77df7ef16d0fcae46a2177dc039beb4d7c1 /server/providers/krb5 | |
parent | 53b4c8fdb26ac799544f8ef8f12e0cadac8ea5e1 (diff) | |
download | sssd_unused-0e4eba0a994d286ae0832adc1731ab2dc10c5ff9.tar.gz sssd_unused-0e4eba0a994d286ae0832adc1731ab2dc10c5ff9.tar.xz sssd_unused-0e4eba0a994d286ae0832adc1731ab2dc10c5ff9.zip |
Add ipa_auth
To support IPA DS to Kerberos password migration a seperate
authentication target is added. It calls the Kerberos authentication
target and in the case of a 'Preauthentication Error' the LDAP
authentication target. On success the Kerberos target is called again to
request the TGT.
Diffstat (limited to 'server/providers/krb5')
-rw-r--r-- | server/providers/krb5/krb5_child.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index 5a1bf374..f7809d2c 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c @@ -582,6 +582,9 @@ static errno_t tgt_req_child(int fd, struct krb5_req *kr) case KRB5KDC_ERR_KEY_EXP: pam_status = PAM_AUTHTOK_EXPIRED; break; + case KRB5KDC_ERR_PREAUTH_FAILED: + pam_status = PAM_CRED_ERR; + break; default: pam_status = PAM_SYSTEM_ERR; } |