On Fri, 2014-03-21 at 18:18 +0100, Jakub Hrozek wrote:
On Fri, Mar 21, 2014 at 04:40:22PM +0100, Sumit Bose wrote:
> On Fri, Mar 21, 2014 at 02:22:47PM +0100, Sumit Bose wrote:
> > Hi,
> >
> > a recent patch unified the usage of the krb5_get_init_creds_opt options
> > to make sure the same set of FAST related options are uses for
> > authentication and password changes. Before changing the password some
> > options were set to special values but were not reverted before
> > requesting a new TGT with the new password. As a result the new TGT will
> > have some unexpected options set or the request might even fail.
> >
> > This patch set resets the password change related option to their
> > original values before requesting the new TGT.
> >
> > The first two patches are just refactorings which are required to keep
> > the third patch simple.
> >
> > bye,
> > Sumit
>
> On IRC Jakub pointed out that the lifetimes are not correctly reset if
> not given explicitly. Additionally he asked to rename
> krb5_set_canonicalize().
>
> New versions attached. The rename of krb5_set_canonicalize() is now in a
> separate patch.
>
> bye,
> Sumit
This time the patches work as expected. I tested password change against
AD and also OTP password change against IPA.
ACK to all patches.
Pushed all to master and sssd-1-11