r24613: Missed this in my recent commit -r 24611. We don't discriminate on

where the password change came from, to determine if policy should be
applied.  We discriminate on if the account is a trust account.

Andrew Bartlett

diff --git a/source/kdc/kpasswdd.c b/source/kdc/kpasswdd.c
index 2c9154301345a08741c7504d7b1224232eaffa5e..dc717daa6589b76b82de8305ae109fad52c19721 100644 (file)
--- a/source/kdc/kpasswdd.c
+++ b/source/kdc/kpasswdd.c
@@ -197,7 +197,6 @@ static BOOL kpasswdd_change_password(struct kdc_server *kdc,
                                        session_info->security_token->user_sid,
                                        password, NULL, NULL, 
                                        True, /* this is a user password change */
-                                       True, /* run restriction tests */
                                        &reject_reason,
                                        &dominfo);
        return kpasswd_make_pwchange_reply(kdc, mem_ctx, 
@@ -362,7 +361,6 @@ static BOOL kpasswd_process_request(struct kdc_server *kdc,
                                                    set_password_on_dn, NULL,
                                                    msg, password, NULL, NULL, 
                                                    False, /* this is not a user password change */
-                                                   True, /* run restriction tests */
                                                    &reject_reason, &dominfo);
                }