3983d81 KRB5: Do not attempt to get a TGT after a password change using OTP

4 files Authored by jhrozek 6 years ago, Committed by sbose 6 years ago,
    KRB5: Do not attempt to get a TGT after a password change using OTP
    
    https://fedorahosted.org/sssd/ticket/2271
    
    The current krb5_child code attempts to get a TGT for the convenience of
    the user using the new password after a password change operation.
    However, an OTP should never be used twice, which means we can't perform
    the kinit operation after chpass is finished. Instead, we only print a
    PAM information instructing the user to log out and back in manually.
    
    Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
    
        
file modified
+19 -0
file modified
+3 -0