SSSD / sssd

Clone

1c1693e KRB5: Do not attempt to get a TGT after a password change using OTP

4 files Authored by jhrozek 10 years ago, Committed by sbose 10 years ago,
raw patch tree parent
4 files changed. 52 lines added. 3 lines removed.
src/providers/krb5/krb5_auth.c
file modified
+18 -3
src/providers/krb5/krb5_child.c
file modified
+12 -0
src/sss_client/pam_sss.c
file modified
+19 -0
src/sss_client/sss_cli.h
file modified
+3 -0 
    KRB5: Do not attempt to get a TGT after a password change using OTP
    
    https://fedorahosted.org/sssd/ticket/2271
    
    The current krb5_child code attempts to get a TGT for the convenience of
    the user using the new password after a password change operation.
    However, an OTP should never be used twice, which means we can't perform
    the kinit operation after chpass is finished. Instead, we only print a
    PAM information instructing the user to log out and back in manually.
    
    Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+18 -3
file modified
+12 -0
file modified
+19 -0
file modified
+3 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.