diff options
author | Günther Deschner <gd@samba.org> | 2007-02-22 13:35:01 +0000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2007-02-22 13:35:01 +0000 |
commit | 29f99826c8010a0d05ac25fc53a0ba99b2c76bd4 (patch) | |
tree | bc87245b47f0dcb7bb89bb4e93b028c8b590ada0 /Roadmap | |
parent | ba19ca7b03850bd2528e39ff1f8e33af8088961b (diff) | |
download | samba-29f99826c8010a0d05ac25fc53a0ba99b2c76bd4.tar.gz samba-29f99826c8010a0d05ac25fc53a0ba99b2c76bd4.tar.xz samba-29f99826c8010a0d05ac25fc53a0ba99b2c76bd4.zip |
r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user
changed a password via pam_chauthtok. Only do this if
a) a user logs on using an expired password (or a password that needs to
be changed immediately) or
b) the user itself changes his password.
Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).
Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).
Guenther
Diffstat (limited to 'Roadmap')
0 files changed, 0 insertions, 0 deletions