[PATCH] Active Directory account locked when using winbind refresh tickets
Andreas Schneider
asn at samba.org
Thu Nov 24 15:49:50 UTC 2016
On Wednesday, 23 November 2016 11:19:31 CET David Mulder wrote:
> Hi all,
Hello David,
> I'm new working on the SUSE Samba team.
welcome to the Samba world :)
> I've attached a patch here, and
> also posted a pull request at https://github.com/samba-team/samba. Which
> (if any?) is the preferred why to submit patches?
The preferred way is to send git-formatted signed-off patches to the mailing
list. See
https://wiki.samba.org/index.php/Contribute#How_to_Provide_C_Patches_for_Samba
https://www.samba.org/samba/devel/copyright-policy.html
> This is to resolve an issue where user accounts get locked out due to
> winbind refreshing tickets using cached passwords (after the password
> has been modified, but the wrong password is still cached).
>
> It's my opinion that the password kinit should be disabled by default.
> Does anyone disagree?
I think so, Günther?
However we need a better parameter name for that.
> I suspect I may need to add a check to krb5_ticket_gain_handler() also.
Looking at the patch I don't get the relation to krb5_ticket_gain_handler().
Cheers,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list