diff options
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/domain_info_utils.c | 1 | ||||
-rw-r--r-- | src/util/sss_krb5.h | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index d9f320d8..45f98d85 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -77,6 +77,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, /* FIXME: get ranges from the server */ dom->id_min = 0; dom->id_max = 0xffffffff; + dom->pwd_expiration_warning = parent->pwd_expiration_warning; dom->cache_credentials = parent->cache_credentials; dom->case_sensitive = parent->case_sensitive; dom->user_timeout = parent->user_timeout; diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h index 50c4b696..6ad80806 100644 --- a/src/util/sss_krb5.h +++ b/src/util/sss_krb5.h @@ -34,6 +34,11 @@ #include "util/util.h" +/* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the + * fact that using the expiration time of a Kerberos password with LDAP + * authentication is presumably a rare case a separate config option is not + * necessary. */ +#define KERBEROS_PWEXPIRE_WARNING_TIME (7 * 24 * 60 * 60) #define KEYTAB_CLEAN_NAME keytab_name ? keytab_name : "default" const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, |