Handle new error code for IPA password migration
This commit is contained in:
parent
1fd6df7177
commit
cfb3146269
@ -0,0 +1,31 @@
|
|||||||
|
From 63bf0b7697d5a51b5338070d0e2652d49a4728ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Tue, 11 Mar 2014 13:16:14 +0100
|
||||||
|
Subject: [PATCH] IPA/KRB5: handle KRB5_PROG_ETYPE_NOSUPP during IPA password
|
||||||
|
migration
|
||||||
|
|
||||||
|
Fixes https://fedorahosted.org/sssd/ticket/2279
|
||||||
|
|
||||||
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
||||||
|
---
|
||||||
|
src/providers/krb5/krb5_child.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
|
||||||
|
index 1a677b8..1bff0e9 100644
|
||||||
|
--- a/src/providers/krb5/krb5_child.c
|
||||||
|
+++ b/src/providers/krb5/krb5_child.c
|
||||||
|
@@ -990,6 +990,10 @@ static errno_t map_krb5_error(krb5_error_code kerr)
|
||||||
|
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
|
||||||
|
return ERR_AUTH_FAILED;
|
||||||
|
|
||||||
|
+ /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying
|
||||||
|
+ * password migration would make sense. All Kerberos error codes which can
|
||||||
|
+ * be seen while migrating LDAP users to IPA should be added here. */
|
||||||
|
+ case KRB5_PROG_ETYPE_NOSUPP:
|
||||||
|
case KRB5_PREAUTH_FAILED:
|
||||||
|
case KRB5KDC_ERR_PREAUTH_FAILED:
|
||||||
|
return ERR_CREDS_INVALID;
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -14,7 +14,7 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.11.4
|
Version: 1.11.4
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -29,6 +29,7 @@ Patch0003: 0003-ipa-server-mode-use-lower-case-user-name-for-home-di.patch
|
|||||||
Patch0004: 0004-IPA-Do-not-save-intermediate-data-to-sysdb.patch
|
Patch0004: 0004-IPA-Do-not-save-intermediate-data-to-sysdb.patch
|
||||||
Patch0005: 0005-Fix-krb5-changepw-when-FAST-only-preauth-methods-are.patch
|
Patch0005: 0005-Fix-krb5-changepw-when-FAST-only-preauth-methods-are.patch
|
||||||
Patch0006: 0006-IPA-Use-GC-for-AD-initgroup-requests.patch
|
Patch0006: 0006-IPA-Use-GC-for-AD-initgroup-requests.patch
|
||||||
|
Patch0007: 0007-IPA-KRB5-handle-KRB5_PROG_ETYPE_NOSUPP-during-IPA-pa.patch
|
||||||
|
|
||||||
Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch
|
Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch
|
||||||
|
|
||||||
@ -737,6 +738,9 @@ fi
|
|||||||
%postun -n libsss_idmap -p /sbin/ldconfig
|
%postun -n libsss_idmap -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3
|
||||||
|
- Handle new error code for IPA password migration
|
||||||
|
|
||||||
* Mon Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
|
* Mon Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
|
||||||
- Include couple of patches from upstream 1.11 branch
|
- Include couple of patches from upstream 1.11 branch
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user