author | Günther Deschner <gd@samba.org> | 2007-02-22 13:35:01 +0000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2007-02-22 13:35:01 +0000 |
commit | 29f99826c8010a0d05ac25fc53a0ba99b2c76bd4 (patch) | |
tree | bc87245b47f0dcb7bb89bb4e93b028c8b590ada0 /source/nsswitch/winbindd_pam.c | |
parent | ba19ca7b03850bd2528e39ff1f8e33af8088961b (diff) | |
r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user
changed a password via pam_chauthtok. Only do this if
a) a user logs on using an expired password (or a password that needs to
be changed immediately) or
b) the user itself changes his password.
Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).
Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).
Guenther
Diffstat (limited to 'source/nsswitch/winbindd_pam.c')
-rw-r--r-- | source/nsswitch/winbindd_pam.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c index 98f76bea923..69e004ec718 100644 --- a/source/nsswitch/winbindd_pam.c +++ b/source/nsswitch/winbindd_pam.c @@ -671,6 +671,17 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n", nt_errstr(result))); } + } else { + + /* need to delete the memory cred cache, it is not used anymore */ + + krb5_ret = ads_kdestroy(cc); + if (krb5_ret) { + DEBUG(3,("winbindd_raw_kerberos_login: " + "could not destroy krb5 credential cache: " + "%s\n", error_message(krb5_ret))); + } + } result = NT_STATUS_OK; |
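Review bot: In the new else branch, a failing ads_kdestroy(cc) is only reported at DEBUG level 3 and the code still falls through to result = NT_STATUS_OK, so an in-memory credential cache that could not be destroyed goes unnoticed at low log levels. Consider logging this at a lower debug level and including the value of cc in the message so it is clear which cache was left behind. The comment "it is not used anymore" would also be easier to follow if it stated the condition from the commit message (the user did not request a FILE based cred cache), since the matching if condition is outside the visible context of this hunk.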