diff options
author | Simo Sorce <ssorce@redhat.com> | 2011-09-19 15:53:17 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2012-01-11 12:04:14 -0500 |
commit | 7faa539e6a1de6dfa53f22a73af7f71d4313ff35 (patch) | |
tree | ff3e9ab338f8922f164654ae0dcfd25ccad5a493 | |
parent | aad81f82499cac15d55b0ebdd7e5ef82332bdf75 (diff) | |
download | freeipa.git-7faa539e6a1de6dfa53f22a73af7f71d4313ff35.tar.gz freeipa.git-7faa539e6a1de6dfa53f22a73af7f71d4313ff35.tar.xz freeipa.git-7faa539e6a1de6dfa53f22a73af7f71d4313ff35.zip |
ipa-kdb: Fix legacy password hashes generation
We were not searching for objectclass so the test to se if a user had the
posixAccount attribute was failing and the user was not marked as ipa_user.
This in turn caused us to not synchronize legacy hashes by not trying to store
the userPassword attribute.
Fixes: https://fedorahosted.org/freeipa/ticket/1820
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_passwords.c | 4 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 1 |
2 files changed, 2 insertions, 3 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_passwords.c b/daemons/ipa-kdb/ipa_kdb_passwords.c index 28ec382d..93e9e206 100644 --- a/daemons/ipa-kdb/ipa_kdb_passwords.c +++ b/daemons/ipa-kdb/ipa_kdb_passwords.c @@ -283,9 +283,7 @@ krb5_error_code ipadb_get_pwd_expiration(krb5_context context, krb5_principal mod_princ = NULL; krb5_boolean truexp = true; - - /* Assume all principals with just one component as user principals */ - if (entry->princ->length == 1) { + if (ied->ipa_user) { kerr = krb5_dbe_lookup_mod_princ_data(context, entry, &mod_time, &mod_princ); if (kerr) { diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index 249aed2f..fdd834f3 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -53,6 +53,7 @@ static char *std_principal_attrs[] = { "nsaccountlock", "passwordHistory", + "objectClass", NULL }; |