2d40bf0 Skip CHAUTHTOK_PRELIM when using OTPs

Authored and Committed by jhrozek 9 years ago
    Skip CHAUTHTOK_PRELIM when using OTPs
    
    https://fedorahosted.org/sssd/ticket/2484
    
    When OTPs are used, we can only use each authtoken at most once. When
    it comes to Kerberos password changes, this was only working previously
    by accident, because the old authtoken was first used to verify the old
    password is valid and not expired and then also to acquire a chpass
    principal.
    
    This patch looks at the user object in LDAP to check if the user has any
    OTPs enabled. If he does, the CHAUTHTOK_PRELIM step is skipped
    completely so that the OTP can be used to acquire the chpass ticket
    later.
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    
        
file modified
+2 -0
file modified
+1 -0
file modified
+1 -0
file modified
+1 -0