Add support for offline auth cache timeout

This adds a new option (offline_credentials_expiration) to the [PAM] section of the sssd.conf If the user does not perform an online authentication within the timeout (in days), they will be denied auth once the timeout passes.
author: Stephen Gallagher <sgallagh@redhat.com> 2009-10-22 11:58:06 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2009-10-22 15:43:01 -0400
commit: c2d7b2271eafd27b41736624e4e5da121073279d (patch)
tree: 517d165f3f229b4783d5568fd06a1b8a80d089ad /server/responder/pam/pamsrv.c
parent: ff75b1a0e342f694589c46d9d59c509ac69be980 (diff)
download: sssd-c2d7b2271eafd27b41736624e4e5da121073279d.tar.gz
sssd-c2d7b2271eafd27b41736624e4e5da121073279d.tar.bz2
sssd-c2d7b2271eafd27b41736624e4e5da121073279d.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c
index 352c0469..626d2c55 100644
--- a/server/responder/pam/pamsrv.c
+++ b/server/responder/pam/pamsrv.c
@@ -116,6 +116,9 @@ static errno_t pam_get_config(struct pam_ctx *pctx,
                               struct confdb_ctx *cdb)
 {
     int ret = EOK;
+    ret = confdb_get_int(cdb, pctx, CONFDB_PAM_CONF_ENTRY,
+                         CONFDB_PAM_CRED_TIMEOUT, 0,
+                         &pctx->cred_expiration);
     return ret;
 }
author	Stephen Gallagher <sgallagh@redhat.com>	2009-10-22 11:58:06 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2009-10-22 15:43:01 -0400
commit	c2d7b2271eafd27b41736624e4e5da121073279d (patch)
tree	517d165f3f229b4783d5568fd06a1b8a80d089ad /server/responder/pam/pamsrv.c
parent	ff75b1a0e342f694589c46d9d59c509ac69be980 (diff)
download	sssd-c2d7b2271eafd27b41736624e4e5da121073279d.tar.gz sssd-c2d7b2271eafd27b41736624e4e5da121073279d.tar.bz2 sssd-c2d7b2271eafd27b41736624e4e5da121073279d.zip