diff options
author | Sumit Bose <sbose@redhat.com> | 2010-03-23 16:34:31 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-03-25 12:14:14 -0400 |
commit | abe2d10564aac5e126bf3536b7f9871f00a262b1 (patch) | |
tree | 7e7cb9ccf57712593d0d99706a2de0d7d47cb248 /src/krb5_plugin | |
parent | 36f341109287f42f33a4ed3d25746741bdfb71f4 (diff) | |
download | sssd-abe2d10564aac5e126bf3536b7f9871f00a262b1.tar.gz sssd-abe2d10564aac5e126bf3536b7f9871f00a262b1.tar.bz2 sssd-abe2d10564aac5e126bf3536b7f9871f00a262b1.zip |
Fix kinit after password change
In an environment with slave KDCs and a central server where password
changes are allowed the request for a new TGT immediately after the
password change should be made against this server, because the slave
server might not know the new password.
To achieve this the Kerberos localtor plugin now returns the address of
the kpasswd server as master_kdc.
Diffstat (limited to 'src/krb5_plugin')
-rw-r--r-- | src/krb5_plugin/sssd_krb5_locator_plugin.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c index 626960a2..153145bb 100644 --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c +++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c @@ -289,7 +289,8 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, return KRB5_PLUGIN_NO_HANDLE; } - if (svc == locate_service_kadmin || svc == locate_service_kpasswd) { + if (svc == locate_service_kadmin || svc == locate_service_kpasswd || + svc == locate_service_master_kdc) { ret = get_krb5info(realm, ctx, locate_service_kpasswd); if (ret != EOK) { PLUGIN_DEBUG(("reading kpasswd address failed, " @@ -307,10 +308,13 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, switch (svc) { case locate_service_kdc: - case locate_service_master_kdc: addr = ctx->kdc_addr; port = ctx->kdc_port ? ctx->kdc_port : DEFAULT_KERBEROS_PORT; break; + case locate_service_master_kdc: + addr = ctx->kpasswd_addr; + port = DEFAULT_KERBEROS_PORT; + break; case locate_service_kadmin: addr = ctx->kpasswd_addr; port = DEFAULT_KADMIN_PORT; |