[PATCH] fixes account locked when using winbind refresh tickets
David Mulder
dmulder at suse.com
Thu Jan 11 23:45:06 UTC 2018
Fixes bug 13212.
Lockouts were caused by winbind cached passwords being used to re-kinit
users after a period of being offline (and tickets expiring), except
that the password had been changed and caused badPwdCount to increase.
This happening on multiple machines at once locked out the user accounts.
source3/libads/ads_ldap_protos.h | 2 +
source3/libads/ldap.c | 27 ++++++++
source3/winbindd/winbindd.h | 1 +
source3/winbindd/winbindd_cred_cache.c | 109
+++++++++++++++++++++++++++++++--
source3/winbindd/winbindd_pam.c | 7 ++-
source3/winbindd/winbindd_proto.h | 3 +-
6 files changed, 142 insertions(+), 7 deletions(-)
--
David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-winbind-account-locked-when-using-winbind-refresh-ti.patch
Type: text/x-patch
Size: 9470 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180111/486142a2/0001-winbind-account-locked-when-using-winbind-refresh-ti.bin>
More information about the samba-technical
mailing list