Hi,
I just realized that the Kerberos environment variables are not send
back to the client during a password change. This would result in
missing variables if you log in while your password is expired and a new
one is set.
bye,
Sumit
From 370accf6a4ee95149e061b24ad30cc6c071c1cf7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 19 Feb 2010 16:42:50 +0100
Subject: [PATCH] Send Kerberos environment after password change
---
src/providers/krb5/krb5_auth.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 27d6aeb..0e5230c 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1106,7 +1106,7 @@ static void krb5_save_ccname_done(struct tevent_req *req)
int ret;
char *password = NULL;
- if (pd->cmd == SSS_PAM_AUTHENTICATE) {
+ if (pd->cmd == SSS_PAM_AUTHENTICATE || pd->cmd == SSS_PAM_CHAUTHTOK) {
ret = add_krb5_env(krb5_ctx->opts, kr->ccname, pd);
if (ret != EOK) {
DEBUG(1, ("add_krb5_env failed.\n"));
--
1.6.6
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
