git.samba.org - amitay/samba.git/commit - source4/heimdal/kdc/krb5tgs.c

author	Andrew Bartlett <abartlet@samba.org>
	Thu, 18 Jun 2009 01:08:46 +0000 (11:08 +1000)
committer	Andrew Bartlett <abartlet@samba.org>
	Thu, 18 Jun 2009 03:49:30 +0000 (13:49 +1000)
commit	19413c52495877d54c90c60229568d0077fda30b
tree	c148e96ba2ff28933f2d5f3714b8fc7e60957dec	tree
parent	2afc6df9b49a246129acdd7c8c24448c8cf3b6ef	commit \| diff

s4:kdc Allow a password change when the password is expired

This requires a rework on Heimdal's windc plugin layer, as we want
full control over what tickets Heimdal will issue. (In particular, in
case our requirements become more complex in future).

The original problem was that Heimdal's check would permit the ticket,
but Samba would then deny it, not knowing it was for kadmin/changepw

Also (in hdb-samba4) be a bit more careful on what entries we will
make the 'change_pw' service mark that this depends on.

Andrew Bartlett

source4/auth/auth.h		diff \| blob \| history
source4/auth/ntlm/auth_sam.c		diff \| blob \| history
source4/auth/sam.c		diff \| blob \| history
source4/heimdal/kdc/headers.h		diff \| blob \| history
source4/heimdal/kdc/kdc_locl.h		diff \| blob \| history
source4/heimdal/kdc/kerberos5.c		diff \| blob \| history
source4/heimdal/kdc/krb5tgs.c		diff \| blob \| history
source4/heimdal/kdc/windc.c		diff \| blob \| history
source4/heimdal/kdc/windc_plugin.h		diff \| blob \| history
source4/kdc/hdb-samba4.c		diff \| blob \| history
source4/kdc/kdc.h		diff \| blob \| history
source4/kdc/pac-glue.c		diff \| blob \| history