summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-11-14 14:56:47 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-19 22:42:46 +0100
commit9459006424bb9975b8728c7700605f9b061c791e (patch)
tree6abb423d5725e647c27e70431bb83e0b49a24c0c /src/lib
parentba098f8670c680c805531dd2714f32bd2c108860 (diff)
downloadsssd-9459006424bb9975b8728c7700605f9b061c791e.tar.gz
sssd-9459006424bb9975b8728c7700605f9b061c791e.tar.bz2
sssd-9459006424bb9975b8728c7700605f9b061c791e.zip
Disable canonicalization during password changes
If canonicalization is enabled Active Directory KDCs return 'krbtgt/AD.DOMAIN' as service name instead of the expected 'kadmin/changepw' which causes a 'KDC reply did not match expectations' error. Additionally the forwardable and proxiable flags are disabled, the renewable lifetime is set to 0 and the lifetime of the ticket is set to 5 minutes as recommended in https://fedorahosted.org/sssd/ticket/1405 and also done by the kpasswd utility. Fixes: https://fedorahosted.org/sssd/ticket/1405 https://fedorahosted.org/sssd/ticket/1615
Diffstat (limited to 'src/lib')
0 files changed, 0 insertions, 0 deletions