On Sun, Sep 09, 2012 at 04:11:07PM +0200, Joschi Brauchle wrote: > Hello Jakub, > > I have prepared a patch (see Novell bugzilla) that adds a check for > the "Decrypt integrity check failed" Kerberos error code to the > switch statement, which then returns PAM_AUTH_ERR. > > I tested that patch with OpenSUSE12.2 + KDM as well as SSH password > based login and can confirm that the misleading error message goes > away (for SSH there was only a misleading syslog error but not for > the user). > > However, the mentioned patch only changes the PAM return code when > using Kerberos with a password. I am not sure if there may be other > spots in the krb5_child that may also need fixing, as there are > other possibilities to use Kerberos auth (forwarded TGT, keytab, and > so on). > > Best regards, > Joschi Brauchle >
Yep, my patch added the same handler as your did, just inside a new function that is also reused during password change. Thanks again! _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
