diff options
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index e931da96..1da1d025 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -546,10 +546,12 @@ static void krb5_resolve_kpasswd_done(struct tevent_req *subreq) ret = be_resolve_server_recv(subreq, &state->kr->kpasswd_srv); talloc_zfree(subreq); - if (ret) { + if (ret != EOK && + (state->kr->pd->cmd == SSS_PAM_CHAUTHTOK || + state->kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) { /* all kpasswd servers have been tried and none was found good, but the * kdc seems ok. Password changes are not possible but - * authentication. We return an PAM error here, but do not mark the + * authentication is. We return an PAM error here, but do not mark the * backend offline. */ state->pam_status = PAM_AUTHTOK_LOCK_BUSY; state->dp_err = DP_ERR_OK; |