author | Gerald Carter <jerry@samba.org> | 2007-05-06 20:33:33 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:21:49 -0500 |
commit | fd5ff711b6fa4b1146776ba6f915a20e64786c53 (patch) | |
tree | 9ecd8c5be9f589ac295a2b63f8ddefeab981b171 /source3/nsswitch/pam_winbind.c | |
parent | 80dca03aaeb0409d866019f52999f69422fb985b (diff) | |
r22712: Inform the user when logging in via pam_winbind
and the krb5 tkt cache could not be created due to clock skew.
(This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811)
Diffstat (limited to 'source3/nsswitch/pam_winbind.c')
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index ec6361e52b..6734cba0c4 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -928,6 +928,30 @@ static void _pam_warn_logon_type(pam_handle_t *pamh, int ctrl, const char *usern
 }
 /**
+ * Send PAM_ERROR_MSG for krb5 errors.
+ *
+ * @param pamh PAM handle
+ * @param ctrl PAM winbind options.
+ * @param username User in PAM request.
+ * @param info3_user_flgs Info3 flags containing logon type bits.
+ *
+ * @return void.
+ */
+
+static void _pam_warn_krb5_failure(pam_handle_t *pamh, int ctrl, const char *username, uint32 info3_user_flgs)
+{
+ if (PAM_WB_KRB5_CLOCK_SKEW(info3_user_flgs)) {
+ _make_remark(pamh, ctrl, PAM_ERROR_MSG,
+ "Failed to establish your Kerberos Ticket cache "
+ "due time differences\n"
+ "with the domain controller. "
+ "Please verify the system time.\n");
+ _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ "User %s: Clock skew when getting Krb5 TGT\n", username);
+ }
+}
+
+/**
 * Compose Password Restriction String for a PAM_ERROR_MSG conversation.
 *
 * @param response The struct winbindd_response.
@@ -1125,6 +1149,9 @@ static int winbind_auth_request(pam_handle_t * pamh,
 /* inform about logon type */
 _pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs);
+ /* inform about krb5 failures */
+ _pam_warn_krb5_failure(pamh, ctrl, user, response.data.auth.info3.user_flgs);
+
 /* set some info3 info for other modules in the stack */
 _pam_set_data_info3(pamh, ctrl, &response); |
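Review bot: In `_pam_warn_krb5_failure` the clock-skew condition is recorded only through `_pam_log_debug` at `LOG_DEBUG`, so on a host without debug logging there is presumably no record that a user logged in without a Kerberos ticket cache; only the user sees the remark. Clock skew is a host-level fault that an administrator has to fix, so I would log it at a level that reaches syslog by default, for example `LOG_WARNING`, through whatever non-debug logging helper this file offers. The user-facing string also reads "due time differences" and should be `"due to time differences\n"`. The `@param info3_user_flgs` text still says "logon type bits", apparently copied from the function above; `Info3 flags containing the krb5 clock-skew bit.` would match what the macro tests. The call added in `winbind_auth_request` sits in a body that starts and ends outside the hunk, so it is not visible whether the flags are read only after a successful response.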