[Freeipa-devel] [PATCH 0047] kdb: Don't provide password expiration when using only RADIUS
Alexander Bokovoy
abokovoy at redhat.com
Thu May 22 14:43:30 UTC 2014
On Thu, 22 May 2014, Nathaniel McCallum wrote:
>On Fri, 2014-05-02 at 17:49 -0400, Nathaniel McCallum wrote:
>> If the KDC doesn't use the FreeIPA password for authentication, then it
>> is futile to provide this information. Doing so will only confuse the
>> user. It also causes password change dialogues when the password is
>> irrelevant.
>>
>> https://fedorahosted.org/freeipa/ticket/4299
>
>This new version fixes a small logic bug. This should be an easy review.
ACK.
>
>Nathaniel
>>From 9764b91aa976ca1ed48885d5ace555b6b263080a Mon Sep 17 00:00:00 2001
>From: Nathaniel McCallum <npmccallum at redhat.com>
>Date: Fri, 2 May 2014 14:55:07 -0400
>Subject: [PATCH] kdb: Don't provide password expiration when using only RADIUS
>
>If the KDC doesn't use the FreeIPA password for authentication, then it is
>futile to provide this information. Doing so will only confuse the user. It
>also causes password change dialogues when the password is irrelevant.
>
>https://fedorahosted.org/freeipa/ticket/4299
>---
> daemons/ipa-kdb/ipa_kdb_principals.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
>diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
>index f0be76ea7b36efe3540429f7e31ffbc582edd060..d2be98886ef865eaabf7d5935994281ec262a2c8 100644
>--- a/daemons/ipa-kdb/ipa_kdb_principals.c
>+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
>@@ -429,6 +429,10 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
> switch (ret) {
> case 0:
> entry->pw_expiration = restime;
>+
>+ /* If we are using only RADIUS, we don't know expiration. */
>+ if (ua == IPADB_USER_AUTH_RADIUS)
>+ entry->pw_expiration = 0;
> case ENOENT:
> break;
> default:
>--
>1.9.3
>
>_______________________________________________
>Freeipa-devel mailing list
>Freeipa-devel at redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-devel
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list