git.samba.org / ira / wip.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a74d04) | patch
r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user
authorGünther Deschner <gd@samba.org>
Thu, 22 Feb 2007 13:35:01 +0000 (13:35 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:18:08 +0000 (12:18 -0500)
commitc3005c48cd86bc1dd17fab80da05c2d34071b872
tree2b66167c8a702cdfa0edb996106832d0f172ccb7tree
parent4a74d042c9108ed68cc92f27b390c261c0bc8885commit | diff
r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user
changed a password via pam_chauthtok. Only do this if

a) a user logs on using an expired password (or a password that needs to
be changed immediately) or

b) the user itself changes his password.

Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).

Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).

Guenther
source/nsswitch/pam_winbind.c diff | blob | history
source/nsswitch/pam_winbind.h diff | blob | history
source/nsswitch/winbindd_pam.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.