[sssd] Fix the Kerberos password expiration warning (#912223)

Thu Feb 21 10:55:09 UTC 2013

commit 21a05ac5408c28f4fd9f979193f53be80afc2a93
Author: Jakub Hrozek <jhrozek at redhat.com>
Date:   Thu Feb 21 11:53:21 2013 +0100

    Fix the Kerberos password expiration warning (#912223)

 ...-Fix-the-krb5-password-expiration-warning.patch |   39 ++++++++++++++++++++
 sssd.spec                                          |    6 +++-
 2 files changed, 44 insertions(+), 1 deletions(-)
---

diff --git a/0005-Fix-the-krb5-password-expiration-warning.patch b/0005-Fix-the-krb5-password-expiration-warning.patch
new file mode 100644
index 0000000..3996494
--- /dev/null
+++ b/0005-Fix-the-krb5-password-expiration-warning.patch
@@ -0,0 +1,39 @@
+From e354a96bbca5da8525ee51f91907e75af897b856 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek at redhat.com>
+Date: Thu, 14 Feb 2013 10:13:59 +0100
+Subject: [PATCH] Fix the krb5 password expiration warning
+
+https://fedorahosted.org/sssd/ticket/1808
+---
+ src/confdb/confdb.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index 31efd9443be8490715961c8a45f9352bd1ade653..31c48bd28aee37008687e7e255ebf2ef2d79798a 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -1020,7 +1020,11 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+         goto done;
+     }
+ 
+-    /* Set the PAM warning time, if specified */
++    /* Set the PAM warning time, if specified. If not specified, pass on
++     * the "not set" value of "-1" which means "use provider default". The
++     * value 0 means "always display the warning if server sends one" */
++    domain->pwd_expiration_warning = -1;
++
+     val = ldb_msg_find_attr_as_int(res->msgs[0],
+                                    CONFDB_DOMAIN_PWD_EXPIRATION_WARNING,
+                                    -1);
+@@ -1035,6 +1039,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+     }
+ 
+     if (val > 0) {
++        DEBUG(SSSDBG_CONF_SETTINGS,
++              ("Setting domain password expiration warning to %d days\n", val));
+         /* The value is in days, transform it to seconds */
+         domain->pwd_expiration_warning = val * 24 * 3600;
+     }
+-- 
+1.8.1.2
+
diff --git a/sssd.spec b/sssd.spec
index 6e3dde1..304350b 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -16,7 +16,7 @@
 
 Name: sssd
 Version: 1.9.4
-Release: 7%{?dist}
+Release: 8%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -29,6 +29,7 @@ Patch0001:  0001-krb-recreate-ccache-if-it-was-deleted.patch
 Patch0002:  0002-Don-t-use-srcdir-with-tests.patch
 Patch0003:  0003-krb5-include-backwards-compatible-declaration-of-krb.patch
 Patch0004:  0004-subdomains-replace-invalid-characters-with-underscor.patch
+Patch0005:  0005-Fix-the-krb5-password-expiration-warning.patch
 
 Patch0501:  0501-FEDORA-Switch-the-default-ccache-location.patch
 
@@ -528,6 +529,9 @@ fi
 %postun -n libsss_sudo -p /sbin/ldconfig
 
 %changelog
+* Thu Feb 14 2013 Jakub Hrozek <jhrozek at redhat.com> - 1.9.4-8
+- Fix the Kerberos password expiration warning (#912223)
+
 * Thu Feb 14 2013 Jakub Hrozek <jhrozek at redhat.com> - 1.9.4-7
 - Do not write out dots in the domain-realm mapping file (#905650)
 
