sssd/0111-krb5-try-delayed-online-authentication-only-for-sing.patch

From e1ad152a8a5b305f5a0267eba7fc9d300d19a4f1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 25 Mar 2015 12:04:57 +0100
Subject: [PATCH 111/114] krb5: try delayed online authentication only for
 single factor auth
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 2d0e7658198d1aa6e3926bf967ff683660249114)
---
 src/providers/krb5/krb5_auth.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b003a8a000117722078d299127cf60337a016ca5..91989df428b2a574a0e45ec01569cf94f7841725 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -207,6 +207,13 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
     const char *password = NULL;
     errno_t ret;
 
+    if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Delayed authentication is only available for password "
+              "authentication (single factor).\n");
+        return;
+    }
+
     ret = sss_authtok_get_password(pd->authtok, &password, NULL);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE,
-- 
2.4.0
Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures 2015-05-08 12:53:58 +00:00			`From e1ad152a8a5b305f5a0267eba7fc9d300d19a4f1 Mon Sep 17 00:00:00 2001`
			`From: Sumit Bose <sbose@redhat.com>`
			`Date: Wed, 25 Mar 2015 12:04:57 +0100`
			`Subject: [PATCH 111/114] krb5: try delayed online authentication only for`
			`single factor auth`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>`
			`(cherry picked from commit 2d0e7658198d1aa6e3926bf967ff683660249114)`
			`---`
			`src/providers/krb5/krb5_auth.c \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c`
			`index b003a8a000117722078d299127cf60337a016ca5..91989df428b2a574a0e45ec01569cf94f7841725 100644`
			`--- a/src/providers/krb5/krb5_auth.c`
			`+++ b/src/providers/krb5/krb5_auth.c`
			`@@ -207,6 +207,13 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,`
			`const char *password = NULL;`
			`errno_t ret;`

			`+ if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {`
			`+ DEBUG(SSSDBG_MINOR_FAILURE,`
			`+ "Delayed authentication is only available for password "`
			`+ "authentication (single factor).\n");`
			`+ return;`
			`+ }`
			`+`
			`ret = sss_authtok_get_password(pd->authtok, &password, NULL);`
			`if (ret != EOK) {`
			`DEBUG(SSSDBG_FATAL_FAILURE,`
			`--`
			`2.4.0`