diff options
author | Simo Sorce <simo@redhat.com> | 2016-01-13 14:34:33 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-14 18:34:06 +0100 |
commit | 19e44537c28f6d5f011cd7ac885c74c1e892605f (patch) | |
tree | 84d790ce62902c56894d593bc365d6d436ab8d94 /src/util/util_errors.h | |
parent | 684191e61d891b1c34f3742a40d5a2ed6a1192dd (diff) | |
download | sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.gz sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.tar.xz sssd-19e44537c28f6d5f011cd7ac885c74c1e892605f.zip |
Krb5/PAM: Fix account lockout error handling
The krb5 provider was mapping KRB5KDC_ERR_CLIENT_REVOKED as
ERR_ACCOUNT_EXPIRED. This is incorrect as KRB5KDC_ERR_CLIENT_REVOKED is
returned by the KDC when an account lockout is in effect. When an account is
expired the kdc returns KRB5KDC_ERR_NAME_EXP.
Fix the mapping by adding a new ERR_ACCOUNT_LOCKOUT sssd_error code.
Resolves:
https://fedorahosted.org/sssd/ticket/2924
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util/util_errors.h')
-rw-r--r-- | src/util/util_errors.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/util/util_errors.h b/src/util/util_errors.h index c1d081912..a1c822c4b 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -104,6 +104,7 @@ enum sssd_errors { ERR_ADDR_FAMILY_NOT_SUPPORTED, ERR_SBUS_SENDER_BUS, ERR_SUBDOM_INACTIVE, + ERR_ACCOUNT_LOCKED, ERR_LAST /* ALWAYS LAST */ }; |