git.samba.org / jelmer / samba3.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ba19ca7) | patch
r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user
authorGünther Deschner <gd@samba.org>
Thu, 22 Feb 2007 13:35:01 +0000 (13:35 +0000)
committerGünther Deschner <gd@samba.org>
Thu, 22 Feb 2007 13:35:01 +0000 (13:35 +0000)
commit29f99826c8010a0d05ac25fc53a0ba99b2c76bd4
treebc87245b47f0dcb7bb89bb4e93b028c8b590ada0tree
parentba19ca7b03850bd2528e39ff1f8e33af8088961bcommit | diff
r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user
changed a password via pam_chauthtok. Only do this if

a) a user logs on using an expired password (or a password that needs to
be changed immediately) or

b) the user itself changes his password.

Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).

Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).

Guenther
source/nsswitch/pam_winbind.c diff | blob | history
source/nsswitch/pam_winbind.h diff | blob | history
source/nsswitch/winbindd_pam.c diff | blob | history
Various Samba 3 feature branches