summaryrefslogtreecommitdiff
path: root/src/providers/krb5
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-04-21 14:42:34 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-04-26 09:55:00 -0400
commitbd290f62727b8903d889705a9d129ee6c9d62bc9 (patch)
treeb9e2b762dcce26a5540213a959f7ea335d5ac070 /src/providers/krb5
parentb843b55b1565176d9f27554d89e5e041b34c0dcf (diff)
downloadsssd-bd290f62727b8903d889705a9d129ee6c9d62bc9.tar.gz
sssd-bd290f62727b8903d889705a9d129ee6c9d62bc9.tar.bz2
sssd-bd290f62727b8903d889705a9d129ee6c9d62bc9.zip
Display a message if a password reset by root fails
Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_auth.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 6a57fe5f..e1aaebf4 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -635,7 +635,14 @@ void krb5_pam_handler(struct be_req *be_req)
switch (pd->cmd) {
case SSS_PAM_AUTHENTICATE:
case SSS_PAM_CHAUTHTOK:
+ break;
case SSS_PAM_CHAUTHTOK_PRELIM:
+ if (pd->priv == 1 && pd->authtok_size == 0) {
+ DEBUG(4, ("Password reset by root is not supported.\n"));
+ pam_status = PAM_PERM_DENIED;
+ dp_err = DP_ERR_OK;
+ goto done;
+ }
break;
case SSS_PAM_ACCT_MGMT:
case SSS_PAM_SETCRED: