Only add WBFLAG_PAM_CONTACT_TRUSTDOM when performing a krb5 auth request.
authorGerald W. Carter <jerry@samba.org>
Thu, 27 Mar 2008 16:57:26 +0000 (11:57 -0500)
committerGerald W. Carter <jerry@samba.org>
Thu, 27 Mar 2008 16:57:26 +0000 (11:57 -0500)
NTLM logons must go against our DC.
(This used to be commit 2e24f7c0243c67a00102c11258cfa6f61caf499f)

source3/nsswitch/pam_winbind.c

index 81f522741046792c3a7d3f18650aa6e1f2beb35e..d2aea66bcc387415b98a316c347e3024a0b5b709 100644 (file)
@@ -1200,9 +1200,13 @@ static int winbind_auth_request(pam_handle_t * pamh,
        request.data.auth.krb5_cc_type[0] = '\0';
        request.data.auth.uid = -1;
 
-       request.flags = WBFLAG_PAM_INFO3_TEXT |
-                       WBFLAG_PAM_GET_PWD_POLICY |
-                       WBFLAG_PAM_CONTACT_TRUSTDOM;
+       request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY;
+
+       /* Krb5 auth always has to go against the KDC of the user's realm */
+
+       if (ctrl & WINBIND_KRB5_AUTH) {
+               request.flags |= WBFLAG_PAM_CONTACT_TRUSTDOM;
+       }
 
        if (ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) {
                struct passwd *pwd = NULL;
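Review bot: The comment added above the `ctrl & WINBIND_KRB5_AUTH` test explains only why Kerberos sets WBFLAG_PAM_CONTACT_TRUSTDOM; the reason the flag is now withheld from every other logon appears only in the commit message. I would record it in the code, e.g. `/* Krb5 auth always has to go against the KDC of the user's realm; NTLM logons must go against our own DC, so never set this flag unconditionally. */`, so a later cleanup does not restore the old behaviour. It is also worth confirming, outside this hunk, how winbindd treats the flag if a krb5 request falls back to an NTLM logon, since that request would presumably still carry WBFLAG_PAM_CONTACT_TRUSTDOM. winbind_auth_request begins and ends outside the hunk.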