diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-08 18:25:20 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-17 13:38:51 +0200 |
commit | 2105a6a63cb74bf009fb6e723e74f6ec075e1238 (patch) | |
tree | 377e16606c23fbcfbaea6c3c8535aa95fa0ae3cd /src/providers/krb5/krb5_child.c | |
parent | 569bbc59e4060160a986d0fea31601a7b7d998fe (diff) | |
download | sssd-2105a6a63cb74bf009fb6e723e74f6ec075e1238.tar.gz sssd-2105a6a63cb74bf009fb6e723e74f6ec075e1238.tar.bz2 sssd-2105a6a63cb74bf009fb6e723e74f6ec075e1238.zip |
If an expired AD user logs in, the SSSD receives
KRB5KDC_ERR_CLIENT_REVOKED from the KDC. This error code was not handled
by the SSSD which resulted in System Error being returned to the PAM
stack.
Diffstat (limited to 'src/providers/krb5/krb5_child.c')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 24a1fe1b..42cfbbfe 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -991,6 +991,9 @@ static errno_t map_krb5_error(krb5_error_code kerr) case KRB5_REALM_CANT_RESOLVE: return ERR_NETWORK_IO; + case KRB5KDC_ERR_CLIENT_REVOKED: + return ERR_ACCOUNT_EXPIRED; + case KRB5KDC_ERR_KEY_EXP: return ERR_CREDS_EXPIRED; |