diff options
author | Sumit Bose <sbose@redhat.com> | 2012-11-14 14:56:47 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 22:42:46 +0100 |
commit | 9459006424bb9975b8728c7700605f9b061c791e (patch) | |
tree | 6abb423d5725e647c27e70431bb83e0b49a24c0c /src/lib | |
parent | ba098f8670c680c805531dd2714f32bd2c108860 (diff) | |
download | sssd-9459006424bb9975b8728c7700605f9b061c791e.tar.gz sssd-9459006424bb9975b8728c7700605f9b061c791e.tar.bz2 sssd-9459006424bb9975b8728c7700605f9b061c791e.zip |
Disable canonicalization during password changes
If canonicalization is enabled Active Directory KDCs return
'krbtgt/AD.DOMAIN' as service name instead of the expected
'kadmin/changepw' which causes a 'KDC reply did not match expectations'
error.
Additionally the forwardable and proxiable flags are disabled, the
renewable lifetime is set to 0 and the lifetime of the ticket is set to
5 minutes as recommended in https://fedorahosted.org/sssd/ticket/1405
and also done by the kpasswd utility.
Fixes: https://fedorahosted.org/sssd/ticket/1405
https://fedorahosted.org/sssd/ticket/1615
Diffstat (limited to 'src/lib')
0 files changed, 0 insertions, 0 deletions