011dc53 krb5_child: check preauth types if password is expired

1 file Authored by sbose 6 years ago, Committed by jhrozek 6 years ago,
    krb5_child: check preauth types if password is expired
    
    If the long term Kerberos password is expired the available
    pre-authentication types for the user should be checked by requesting
    the kadmin/changepw principal. This is e.g. needed for 2-factor
    authentication where the user not only has to specific the current
    long password but an one-time password as well.
    
    Related to https://pagure.io/SSSD/sssd/issue/3585
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    
        
file modified
+68 -34