s4:kdc Allow a password change when the password is expired

This requires a rework on Heimdal's windc plugin layer, as we want full control over what tickets Heimdal will issue. (In particular, in case our requirements become more complex in future). The original problem was that Heimdal's check would permit the ticket, but Samba would then deny it, not knowing it was for kadmin/changepw Also (in hdb-samba4) be a bit more careful on what entries we will make the 'change_pw' service mark that this depends on. Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2009-06-18 11:08:46 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2009-06-18 13:49:30 +1000
commit: 19413c52495877d54c90c60229568d0077fda30b (patch)
tree: c148e96ba2ff28933f2d5f3714b8fc7e60957dec /source4/heimdal/kdc/krb5tgs.c
parent: 2afc6df9b49a246129acdd7c8c24448c8cf3b6ef (diff)
download: samba-19413c52495877d54c90c60229568d0077fda30b.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 3abdb18ae48..59104da3d60 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1860,10 +1860,10 @@ server_lookup:
      * Check flags
      */
 
-    ret = _kdc_check_flags(context, config,
-			   client, cpn,
-			   server, spn,
-			   FALSE);
+    ret = kdc_check_flags(context, config,
+			  client, cpn,
+			  server, spn,
+			  FALSE);
     if(ret)
 	goto out;
author	Andrew Bartlett <abartlet@samba.org>	2009-06-18 11:08:46 +1000
committer	Andrew Bartlett <abartlet@samba.org>	2009-06-18 13:49:30 +1000
commit	19413c52495877d54c90c60229568d0077fda30b (patch)
tree	c148e96ba2ff28933f2d5f3714b8fc7e60957dec /source4/heimdal/kdc/krb5tgs.c
parent	2afc6df9b49a246129acdd7c8c24448c8cf3b6ef (diff)
download	samba-19413c52495877d54c90c60229568d0077fda30b.tar.gz