KRB5: Only return PAM error for unreachable kpasswd when performing chpass

https://fedorahosted.org/sssd/ticket/1452
author: Jakub Hrozek <jhrozek@redhat.com> 2012-08-14 14:12:18 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-08-15 13:51:46 +0200
commit: 819bb0b77780fc9009608f48ad353a2cb58fa9ac (patch)
tree: 141f498c2fcc906b8260453abfa974285b4e922f
parent: 058a3f229f00053bfcb25486e25e39cd618ccbef (diff)
download: sssd-819bb0b77780fc9009608f48ad353a2cb58fa9ac.tar.gz
sssd-819bb0b77780fc9009608f48ad353a2cb58fa9ac.tar.bz2
sssd-819bb0b77780fc9009608f48ad353a2cb58fa9ac.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index e931da96..1da1d025 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -546,10 +546,12 @@ static void krb5_resolve_kpasswd_done(struct tevent_req *subreq)
 
     ret = be_resolve_server_recv(subreq, &state->kr->kpasswd_srv);
     talloc_zfree(subreq);
-    if (ret) {
+    if (ret != EOK &&
+        (state->kr->pd->cmd == SSS_PAM_CHAUTHTOK ||
+         state->kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) {
         /* all kpasswd servers have been tried and none was found good, but the
          * kdc seems ok. Password changes are not possible but
-         * authentication. We return an PAM error here, but do not mark the
+         * authentication is. We return an PAM error here, but do not mark the
          * backend offline. */
         state->pam_status = PAM_AUTHTOK_LOCK_BUSY;
         state->dp_err = DP_ERR_OK;
author	Jakub Hrozek <jhrozek@redhat.com>	2012-08-14 14:12:18 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-08-15 13:51:46 +0200
commit	819bb0b77780fc9009608f48ad353a2cb58fa9ac (patch)
tree	141f498c2fcc906b8260453abfa974285b4e922f
parent	058a3f229f00053bfcb25486e25e39cd618ccbef (diff)
download	sssd-819bb0b77780fc9009608f48ad353a2cb58fa9ac.tar.gz sssd-819bb0b77780fc9009608f48ad353a2cb58fa9ac.tar.bz2 sssd-819bb0b77780fc9009608f48ad353a2cb58fa9ac.zip