53                                krb5_principal client, const char *password,
808 static char *password_or_responder(const char *password)
815     return discard_const(password);
843         DEBUG(SSSDBG_CRIT_FAILURE, "Cannot handle password prompts.\n");
1578                                  krb5_principal client, const char *password,
1595     if (password != NULL) {
1596         kerr = krb5_init_creds_set_password(context, init_cred_ctx, password);
1630                                         const char *password)
1681                                             password_or_responder(password),
1688          * possible authentication methods to update the password. */
1697             /* Special case for IPA password migration */
1840      * password migration would make sense. All Kerberos error codes which can
1868     const char *password = NULL;
1886         ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL);
1889                   "Failed to fetch current password [%d] %s.\n",
1896         /* We do not need a password expiration warning here. */
1910                                             password_or_responder(password),
1917         ret = pack_user_info_chpass_error(kr->pd, "Old password not accepted.",
1937               "Initial authentication for change password operation "
1945         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to fetch new password [%d] %s.\n",
1988                                  "password meets the complexity constraints.");
2028     /* We changed some of the GIC options for the password change, now we have
2034         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set password for fresh TGT.\n");
2085     const char *password = NULL;
2091     /* No password is needed for pre-auth or if we have 2FA or SC */
2097         ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL);
2114     kerr = get_and_save_tgt(kr, password);
2132     /* If the password is expired, the KDC will always return
2133        KRB5KDC_ERR_KEY_EXP regardless if the supplied password is correct or
2134        not. In general the password can still be used to get a changepw ticket.
2135        So we validate the password by trying to get a changepw ticket. */
2148                                             password_or_responder(password),
2157          * be send back to the client. Even if the password is expired we
2159          * update the password. */
2174         /* If the password is expired, we can safely remove the ccache from the
3073     /* A prompter is used to catch messages about when a password will
3074      * expire. The library shall not use the prompter to ask for a new password
3357         DEBUG(SSSDBG_TRACE_FUNC, "Will perform password change\n");
3361         DEBUG(SSSDBG_TRACE_FUNC, "Will perform password change checks\n");

Indexes created Tue Jul 24 14:28:13 CEST 2018