[PATCH] Active Directory account locked when using winbind refresh tickets

David Mulder dmulder at suse.com
Fri Dec 2 14:42:31 UTC 2016

I've attached a better patch.

On 11/24/2016 08:49 AM, Andreas Schneider wrote:
> On Wednesday, 23 November 2016 11:19:31 CET David Mulder wrote:
>> Hi all,
> Hello David,
>> I'm new working on the SUSE Samba team.
> welcome to the Samba world :)
>> I've attached a patch here, and
>> also posted a pull request at https://github.com/samba-team/samba. Which
>> (if any?) is the preferred why to submit patches?
> The preferred way is to send git-formatted signed-off patches to the mailing
> list. See
> https://wiki.samba.org/index.php/Contribute#How_to_Provide_C_Patches_for_Samba
> https://www.samba.org/samba/devel/copyright-policy.html
>> This is to resolve an issue where user accounts get locked out due to
>> winbind refreshing tickets using cached passwords (after the password
>> has been modified, but the wrong password is still cached).
>> It's my opinion that the password kinit should be disabled by default.
>> Does anyone disagree?
> I think so, Günther?
> However we need a better parameter name for that.
>> I suspect I may need to add a check to krb5_ticket_gain_handler() also.
> Looking at the patch I don't get the relation to krb5_ticket_gain_handler().
> Cheers,
> 	Andreas

David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-winbindd-Active-Directory-account-locked-when-usi.patch
Type: text/x-patch
Size: 3485 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161202/eb8ba2ed/0001-s3-winbindd-Active-Directory-account-locked-when-usi.bin>

More information about the samba-technical mailing list