authorSumit Bose <sbose@redhat.com>2010-03-23 16:34:31 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-03-25 12:14:14 -0400
commitabe2d10564aac5e126bf3536b7f9871f00a262b1 (patch)
tree7e7cb9ccf57712593d0d99706a2de0d7d47cb248 /src/krb5_plugin
parent36f341109287f42f33a4ed3d25746741bdfb71f4 (diff)
Fix kinit after password change
In an environment with slave KDCs and a central server where password changes are allowed, the request for a new TGT immediately after the password change should be made against this server, because the slave server might not know the new password yet. To achieve this, the Kerberos locator plugin now returns the address of the kpasswd server as master_kdc.
Diffstat (limited to 'src/krb5_plugin')
-rw-r--r--src/krb5_plugin/sssd_krb5_locator_plugin.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c
index 626960a2..153145bb 100644
--- a/src/krb5_plugin/sssd_krb5_locator_plugin.c
+++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c
@@ -289,7 +289,8 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
return KRB5_PLUGIN_NO_HANDLE;
}
- if (svc == locate_service_kadmin || svc == locate_service_kpasswd) {
+ if (svc == locate_service_kadmin || svc == locate_service_kpasswd ||
+ svc == locate_service_master_kdc) {
ret = get_krb5info(realm, ctx, locate_service_kpasswd);
if (ret != EOK) {
PLUGIN_DEBUG(("reading kpasswd address failed, "
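Review bot: With `svc == locate_service_master_kdc` added to this condition, a failed `get_krb5info(realm, ctx, locate_service_kpasswd)` now also affects master-KDC lookups, and the hunk ends inside the `ret != EOK` branch, so the recovery path is not visible here. If that branch does not leave `ctx->kpasswd_addr` populated (for example by falling back to the KDC address), the new `case locate_service_master_kdc` further down would hand an unset address back to libkrb5. Please confirm the fallback covers this case. A comment above the condition would also help, such as `/* master_kdc is answered from the kpasswd entry so a TGT request right after a password change reaches the server that already has the new password */`.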
@@ -307,10 +308,13 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
switch (svc) {
case locate_service_kdc:
- case locate_service_master_kdc:
addr = ctx->kdc_addr;
port = ctx->kdc_port ? ctx->kdc_port : DEFAULT_KERBEROS_PORT;
break;
+ case locate_service_master_kdc:
+ addr = ctx->kpasswd_addr;
+ port = DEFAULT_KERBEROS_PORT;
+ break;
case locate_service_kadmin:
addr = ctx->kpasswd_addr;
port = DEFAULT_KADMIN_PORT;
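Review bot: The new `case locate_service_master_kdc` hard-codes `port = DEFAULT_KERBEROS_PORT`, while the `locate_service_kdc` case above honours a configured `ctx->kdc_port`. If the KDC on the kpasswd host listens on a non-default port, master-KDC requests would go to the wrong port without any diagnostic. `ctx->kdc_port` belongs to `kdc_addr` and cannot simply be reused, so I would at least document the assumption on the new case: `/* assumes the kpasswd host runs a KDC on the default port; kdc_port applies to kdc_addr only */`. The switch continues outside the hunk, so how `addr` and `port` are consumed afterwards is not visible here.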