Re: [SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Simo Sorce
On Mon, 2009-10-05 at 17:10 +0200, Sumit Bose wrote:
>
> I asked Jenny for a third opinion and she voted for the second version,
> i.e. returning the wrong password error.

ok pushed all 3 to master.

Simo.

Re: [SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Sumit Bose
On Mon, Oct 05, 2009 at 10:45:04AM -0400, Simo Sorce wrote:
>
> On Mon, 2009-10-05 at 14:06 +0200, Sumit Bose wrote:
> > On Mon, Oct 05, 2009 at 06:48:14AM -0400, Simo Sorce wrote:
> > > On Mon, 2009-10-05 at 10:45 +0200, Sumit Bose wrote:
> > > > - currently PAM_AUTHTOK_EXPIRED is returned if the

Re: [SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Simo Sorce
On Mon, 2009-10-05 at 14:06 +0200, Sumit Bose wrote:
> On Mon, Oct 05, 2009 at 06:48:14AM -0400, Simo Sorce wrote:
> > On Mon, 2009-10-05 at 10:45 +0200, Sumit Bose wrote:
> > > - currently PAM_AUTHTOK_EXPIRED is returned if the password is expired
> > > regardless of whether the supplied password is

Re: [SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Sumit Bose
On Mon, Oct 05, 2009 at 06:48:14AM -0400, Simo Sorce wrote:
> On Mon, 2009-10-05 at 10:45 +0200, Sumit Bose wrote:
> > - currently PAM_AUTHTOK_EXPIRED is returned if the password is expired
> > regardless of whether the supplied password is correct or not. Would it be
> > better to return a different e

Re: [SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Simo Sorce
On Mon, 2009-10-05 at 10:45 +0200, Sumit Bose wrote:
> - currently PAM_AUTHTOK_EXPIRED is returned if the password is expired
> regardless of whether the supplied password is correct or not. Would it be
> better to return a different error if the password is wrong?

We should return an auth error if th

[SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Sumit Bose
Hi,

with the three attached patches pam_sss can handle expired Kerberos passwords:

- 0001: kerberos provider returns PAM_AUTHTOK_EXPIRED if KDC returns KRB5KDC_ERR_KEY_EXP
- 0002: some refactoring of pam_sss
- 0003: query the user for a new password if sssd returns PAM_AUTHTOK_EXPIRED

All thi