rpms / sssd

Clone
Source Code
GIT

Files

  1.   8b3b8d531a50c934cb06c60812f72d89f2d9f687
  2.   0029-KRB5-Go-offline-in-case-of-clock-skew.patch
Blob Blame History Raw 
From a508cec11bdc27a5fcce99177e74938bc90ab668 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 28 Nov 2013 16:00:59 +0100
Subject: [PATCH 29/45] KRB5: Go offline in case of clock skew

https://fedorahosted.org/sssd/ticket/1096

In case the KDC has skewed time, we can retry with the next one and
eventually go offline if no KDC has time in sync with the client.
Previously, authentication with wrong time resulted in System Error.

(cherry picked from commit 83011d97d17bd00e99ccf1e0302167a6bc0db84e)
---
 src/providers/krb5/krb5_child.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 34652014e6a99632aa01114c003bf878c73740be..b9cc94f7913f3ea9c04034b98808738b554ab260 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1050,6 +1050,7 @@ static errno_t map_krb5_error(krb5_error_code kerr)
     case KRB5_LIBOS_CANTREADPWD:
         return ERR_NO_CREDS;
 
+    case KRB5KRB_AP_ERR_SKEW:
     case KRB5_KDC_UNREACH:
     case KRB5_REALM_CANT_RESOLVE:
         return ERR_NETWORK_IO;
-- 
2.4.3
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.