Skip to content

Commit 464a7ec

Browse files
committed
krb5_child: do not try passwords with OTP
Explanation Resolves: https://github.com/SSSD/sssd/issues/XXXX
1 parent 12150fc commit 464a7ec

File tree

1 file changed

+1
-10
lines changed

1 file changed

+1
-10
lines changed

src/providers/krb5/krb5_child.c

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -541,15 +541,6 @@ static krb5_error_code tokeninfo_matches(TALLOC_CTX *mem_ctx,
541541
size_t fa2_len;
542542

543543
switch (sss_authtok_get_type(auth_tok)) {
544-
case SSS_AUTHTOK_TYPE_PASSWORD:
545-
ret = sss_authtok_get_password(auth_tok, &pwd, &len);
546-
if (ret != EOK) {
547-
DEBUG(SSSDBG_OP_FAILURE, "sss_authtok_get_password failed.\n");
548-
return ret;
549-
}
550-
551-
return tokeninfo_matches_pwd(mem_ctx, ti, pwd, len, out_token, out_pin);
552-
break;
553544
case SSS_AUTHTOK_TYPE_2FA_SINGLE:
554545
ret = sss_authtok_get_2fa_single(auth_tok, &pwd, &len);
555546
if (ret != EOK) {
@@ -574,7 +565,7 @@ static krb5_error_code tokeninfo_matches(TALLOC_CTX *mem_ctx,
574565
"Unsupported authtok type %d\n", sss_authtok_get_type(auth_tok));
575566
}
576567

577-
return EINVAL;
568+
return EAGAIN;
578569
}
579570

580571
static krb5_error_code answer_otp(krb5_context ctx,

0 commit comments

Comments
 (0)