add nob for [kadmin]allow_self_change_password

2011-07-30 12:34:40 -07:00
parent 0ed83cebd3
commit 63672067ea
1 changed files with 7 additions and 4 deletions
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -235,14 +235,17 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,

 	/*
 	 * The change is allowed if at least one of:
-
-	 * a) it's for the principal him/herself and this was an
+	 *
+	 * a) allowed by sysadmin
+	 * b) it's for the principal him/herself and this was an
 	 *    initial ticket, but then, check with the password quality
 	 *    function.
-	 * b) the user is on the CPW ACL.
+	 * c) the user is on the CPW ACL.
 	 */

-	if (initial
+	if (krb5_config_get_bool_default(contextp->context, NULL, TRUE,
+					 "kadmin", "allow_self_change_password", NULL)
+	    && initial
 	    && krb5_principal_compare (contextp->context, contextp->caller,
 				       princ))
 	{