Add support for krb5 1.11's responder callback.

krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only).
author: Nathaniel McCallum <npmccallum@redhat.com> 2013-03-08 12:06:10 -0500
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-03-08 21:58:03 +0100
commit: b40583c6d52b72e41bf01106534535e54b4fba4f (patch)
tree: 873fa3f119980b21441cb8ec109ecd24e4a768a8 /src/providers/krb5/krb5_auth.c
parent: 6a6a821866091e0f722808566c25b951aa346d7c (diff)
download: sssd-b40583c6d52b72e41bf01106534535e54b4fba4f.tar.gz
sssd-b40583c6d52b72e41bf01106534535e54b4fba4f.tar.bz2
sssd-b40583c6d52b72e41bf01106534535e54b4fba4f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index e41e1a1e..d3e11a2d 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1107,7 +1107,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
         goto done;
     }
 
-    if (state->be_ctx->domain->cache_credentials == TRUE) {
+    if (state->be_ctx->domain->cache_credentials == TRUE && !res->otp) {
         krb5_auth_store_creds(state->sysdb, state->domain, pd);
     }
author	Nathaniel McCallum <npmccallum@redhat.com>	2013-03-08 12:06:10 -0500
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-03-08 21:58:03 +0100
commit	b40583c6d52b72e41bf01106534535e54b4fba4f (patch)
tree	873fa3f119980b21441cb8ec109ecd24e4a768a8 /src/providers/krb5/krb5_auth.c
parent	6a6a821866091e0f722808566c25b951aa346d7c (diff)
download	sssd-b40583c6d52b72e41bf01106534535e54b4fba4f.tar.gz sssd-b40583c6d52b72e41bf01106534535e54b4fba4f.tar.bz2 sssd-b40583c6d52b72e41bf01106534535e54b4fba4f.zip