[PATCH] Active Directory account locked when using winbind refresh tickets

Andreas Schneider asn at samba.org
Thu Nov 24 15:49:50 UTC 2016


On Wednesday, 23 November 2016 11:19:31 CET David Mulder wrote:
> Hi all,

Hello David,

> I'm new working on the SUSE Samba team.

welcome to the Samba world :)

> I've attached a patch here, and
> also posted a pull request at https://github.com/samba-team/samba. Which
> (if any?) is the preferred why to submit patches?

The preferred way is to send git-formatted signed-off patches to the mailing 
list. See

https://wiki.samba.org/index.php/Contribute#How_to_Provide_C_Patches_for_Samba

https://www.samba.org/samba/devel/copyright-policy.html

> This is to resolve an issue where user accounts get locked out due to
> winbind refreshing tickets using cached passwords (after the password
> has been modified, but the wrong password is still cached).
> 
> It's my opinion that the password kinit should be disabled by default.
> Does anyone disagree?

I think so, G√ľnther?

However we need a better parameter name for that.
 
> I suspect I may need to add a check to krb5_ticket_gain_handler() also.


Looking at the patch I don't get the relation to krb5_ticket_gain_handler().


Cheers,


	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



More information about the samba-technical mailing list