diff options
author | Tom Yu <tlyu@mit.edu> | 2006-11-17 23:48:30 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2006-11-17 23:48:30 +0000 |
commit | 2be9c8018812629d0591aa2fbdc309d5d325f743 (patch) | |
tree | cfe72c36fde2f4cab7a28719b9be8ee91e38e57f | |
parent | dba265c0276ed0fc9d929c2fd14859c0f0652498 (diff) | |
download | krb5-2be9c8018812629d0591aa2fbdc309d5d325f743.zip krb5-2be9c8018812629d0591aa2fbdc309d5d325f743.tar.gz krb5-2be9c8018812629d0591aa2fbdc309d5d325f743.tar.bz2 |
pull up r18840 from trunk
r18840@cathode-dark-space: jaltman | 2006-11-17 18:14:27 -0500
ticket: new
tags: pullup
subject: reset use_master flag when master_kdc cannot be found
krb5_get_init_creds_password:
if the master_kdc cannot be identified reset the use_master
flag. otherwise, the krb5_get_init_creds("kadmin/changepw")
call will attempt to communicate with the master_kdc that
cannot be reached.
ticket: 4802
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18843 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index ef9a6b3..f9b1357 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -161,12 +161,14 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ } /* if the master is unreachable, return the error from the - slave we were able to contact */ + slave we were able to contact or reset the use_master flag */ if ((ret2 != KRB5_KDC_UNREACH) && (ret2 != KRB5_REALM_CANT_RESOLVE) && (ret2 != KRB5_REALM_UNKNOWN)) ret = ret2; + else + use_master = 0; } #ifdef USE_LOGIN_LIBRARY @@ -182,6 +184,14 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_princ (prompter == NULL)) goto cleanup; + /* historically the default has been to prompt for password change. + * if the change password prompt option has not been set, we continue + * to prompt. Prompting is only disabled if the option has been set + * and the value has been set to false. + */ + if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT)) + goto cleanup; + /* ok, we have an expired password. Give the user a few chances to change it */ |