19e4453 Krb5/PAM: Fix account lockout error handling

4 files Authored by simo 8 years ago, Committed by jhrozek 8 years ago,
    Krb5/PAM: Fix account lockout error handling
    
    The krb5 provider was mapping KRB5KDC_ERR_CLIENT_REVOKED as
    ERR_ACCOUNT_EXPIRED. This is incorrect as KRB5KDC_ERR_CLIENT_REVOKED is
    returned by the KDC when an account lockout is in effect. When an account is
    expired the kdc returns KRB5KDC_ERR_NAME_EXP.
    
    Fix the mapping by adding a new ERR_ACCOUNT_LOCKOUT sssd_error code.
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/2924
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    
        
file modified
+1 -0
file modified
+1 -0