From abe2d10564aac5e126bf3536b7f9871f00a262b1 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 23 Mar 2010 16:34:31 +0100
Subject: Fix kinit after password change
In an environment with slave KDCs and a central server where password changes are allowed the request for a new TGT immediately after the password change should be made against this server, because the slave server might not know the new password. To achieve this the Kerberos localtor plugin now returns the address of the kpasswd server as master_kdc.
---
src/krb5_plugin/sssd_krb5_locator_plugin.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'src/krb5_plugin')
diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c
index 626960a2..153145bb 100644
--- a/src/krb5_plugin/sssd_krb5_locator_plugin.c
+++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c
@@ -289,7 +289,8 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
 return KRB5_PLUGIN_NO_HANDLE;
 }
- if (svc == locate_service_kadmin || svc == locate_service_kpasswd) {
+ if (svc == locate_service_kadmin || svc == locate_service_kpasswd ||
+ svc == locate_service_master_kdc) {
 ret = get_krb5info(realm, ctx, locate_service_kpasswd);
 if (ret != EOK) {
 PLUGIN_DEBUG(("reading kpasswd address failed, "
@@ -307,10 +308,13 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
 switch (svc) {
 case locate_service_kdc:
- case locate_service_master_kdc:
 addr = ctx->kdc_addr;
 port = ctx->kdc_port ? ctx->kdc_port : DEFAULT_KERBEROS_PORT;
 break;
+ case locate_service_master_kdc:
+ addr = ctx->kpasswd_addr;
+ port = DEFAULT_KERBEROS_PORT;
+ break;
 case locate_service_kadmin:
 addr = ctx->kpasswd_addr;
 port = DEFAULT_KADMIN_PORT;
-- cgit
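Review bot: The widened `if` in the first hunk now loads the kpasswd address for `locate_service_master_kdc` as well, but nothing in the code says why a master-KDC lookup depends on kpasswd data, so it reads like a copy-paste slip. A short comment above the condition would carry the reasoning from the commit message, e.g. `/* master_kdc is answered with the kpasswd server, the one host known to have the new password */`. The failure branch (`reading kpasswd address failed, ...`) continues outside the hunk, so it is not visible whether `ctx->kpasswd_addr` is given a fallback there. If it can stay unset, master_kdc requests now inherit that gap and should fall back to `ctx->kdc_addr`.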
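Review bot: The new `case locate_service_master_kdc:` in the second hunk hardcodes `port = DEFAULT_KERBEROS_PORT`, whereas the shared case it was split from honoured `ctx->kdc_port`. This assumes the kpasswd host also runs a KDC on the default port. If the central server's KDC listens on a non-default port, the TGT request after a password change would go to a port where no KDC answers. At minimum the assumption should be stated next to the assignment, e.g. `/* assumes the kpasswd server also runs a KDC on the default port */`. Whether `ctx->kdc_port` is a valid fallback for that host cannot be told from the hunk. The switch continues outside the hunk, so any later check on `addr` is not visible here.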