From 819bb0b77780fc9009608f48ad353a2cb58fa9ac Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 14 Aug 2012 14:12:18 +0200
Subject: KRB5: Only return PAM error for unreachable kpasswd when performing
 chpass

https://fedorahosted.org/sssd/ticket/1452
---
 src/providers/krb5/krb5_auth.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index e931da96..1da1d025 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -546,10 +546,12 @@ static void krb5_resolve_kpasswd_done(struct tevent_req *subreq)
 
     ret = be_resolve_server_recv(subreq, &state->kr->kpasswd_srv);
     talloc_zfree(subreq);
-    if (ret) {
+    if (ret != EOK &&
+        (state->kr->pd->cmd == SSS_PAM_CHAUTHTOK ||
+         state->kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) {
         /* all kpasswd servers have been tried and none was found good, but the
          * kdc seems ok. Password changes are not possible but
-         * authentication. We return an PAM error here, but do not mark the
+         * authentication is. We return an PAM error here, but do not mark the
          * backend offline. */
         state->pam_status = PAM_AUTHTOK_LOCK_BUSY;
         state->dp_err = DP_ERR_OK;
-- 
cgit