Hi, I just realized that the Kerberos environment variables are not send back to the client during a password change. This would result in missing variables if you log in while your password is expired and a new one is set.
bye, Sumit
From 370accf6a4ee95149e061b24ad30cc6c071c1cf7 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Fri, 19 Feb 2010 16:42:50 +0100 Subject: [PATCH] Send Kerberos environment after password change --- src/providers/krb5/krb5_auth.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 27d6aeb..0e5230c 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -1106,7 +1106,7 @@ static void krb5_save_ccname_done(struct tevent_req *req) int ret; char *password = NULL; - if (pd->cmd == SSS_PAM_AUTHENTICATE) { + if (pd->cmd == SSS_PAM_AUTHENTICATE || pd->cmd == SSS_PAM_CHAUTHTOK) { ret = add_krb5_env(krb5_ctx->opts, kr->ccname, pd); if (ret != EOK) { DEBUG(1, ("add_krb5_env failed.\n")); -- 1.6.6
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel