[PATCH] s3-winbind: Do not delete an existing valid credential cache.
Andreas Schneider
asn at samba.org
Mon Jul 15 02:52:45 MDT 2013
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994
Thanks to David Woodhouse <dwmw2 at infradead.org>.
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/winbindd/winbindd_pam.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 158a7c4..aed4741 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -685,6 +685,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
failed:
+ /*
+ * Do not delete an existing valid credential cache, if the user
+ * e.g. enters a wrong password
+ */
+ if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE"))
+ && user_ccache_file != NULL) {
+ return result;
+ }
/* we could have created a new credential cache with a valid tgt in it
* but we werent able to get or verify the service ticket for this
--
1.8.3.1
More information about the samba-technical
mailing list