diff options
| author | Simo Sorce <ssorce@redhat.com> | 2012-05-17 10:33:43 -0400 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-05-17 17:17:42 +0200 |
| commit | 46c6ff69ac2a4fa39e99f954bd9cfbd78bfd70c9 (patch) | |
| tree | 5a0694fdbc4a64bf30b5faa90236d72b83680b02 | |
| parent | 4b539a41d9b562ed3372ea70fbb5d52c141a43f1 (diff) | |
| download | freeipa-46c6ff69ac2a4fa39e99f954bd9cfbd78bfd70c9.tar.gz freeipa-46c6ff69ac2a4fa39e99f954bd9cfbd78bfd70c9.tar.xz freeipa-46c6ff69ac2a4fa39e99f954bd9cfbd78bfd70c9.zip | |
Fix migration code password setting.
When we set a password we also need to make sure krbExtraData is set.
If not kadmin will later complain that the object is corrupted at password
change time.
Ticket: https://fedorahosted.org/freeipa/ticket/2764
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c index 410c536a5..181bd0ee7 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c @@ -995,6 +995,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) Slapi_Value *objectclass; int method; /* authentication method */ int ret = 0; + char *principal = NULL; LOG_TRACE("=>\n"); @@ -1135,9 +1136,19 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) goto done; } + /* we need to make sure the ExtraData is set, otherwise kadmin + * will not like the object */ + principal = slapi_entry_attr_get_charptr(entry, "krbPrincipalName"); + if (!principal) { + LOG_OOM(); + goto done; + } + ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow); + LOG("kerberos key generated for user entry: %s\n", dn); done: + slapi_ch_free_string(&principal); slapi_ch_free_string(&expire); if (entry) slapi_entry_free(entry); |