diff options
author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2006-11-17 23:14:27 +0000 |
---|---|---|
committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2006-11-17 23:14:27 +0000 |
commit | 19af79db346da1b5394e05d8d53c6db4cd822177 (patch) | |
tree | 5788577099513e29f9ea008fd42abbd0705ef1ef | |
parent | f3b7e53e5daabe721d41b8021868510ed4856859 (diff) | |
download | krb5-19af79db346da1b5394e05d8d53c6db4cd822177.zip krb5-19af79db346da1b5394e05d8d53c6db4cd822177.tar.gz krb5-19af79db346da1b5394e05d8d53c6db4cd822177.tar.bz2 |
reset use_master flag when master_kdc cannot be found
krb5_get_init_creds_password:
if the master_kdc cannot be identified reset the use_master
flag. otherwise, the krb5_get_init_creds("kadmin/changepw")
call will attempt to communicate with the master_kdc that
cannot be reached.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18840 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index ef9a6b3..f9b1357 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -161,12 +161,14 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ } /* if the master is unreachable, return the error from the - slave we were able to contact */ + slave we were able to contact or reset the use_master flag */ if ((ret2 != KRB5_KDC_UNREACH) && (ret2 != KRB5_REALM_CANT_RESOLVE) && (ret2 != KRB5_REALM_UNKNOWN)) ret = ret2; + else + use_master = 0; } #ifdef USE_LOGIN_LIBRARY @@ -182,6 +184,14 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ (prompter == NULL)) goto cleanup; + /* historically the default has been to prompt for password change. + * if the change password prompt option has not been set, we continue + * to prompt. Prompting is only disabled if the option has been set + * and the value has been set to false. + */ + if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT)) + goto cleanup; + /* ok, we have an expired password. Give the user a few chances to change it */ |