-
Lutz Justen authored
If ${PASSWORD} is present in KerberosAccounts, store the login password in the kernel keyring. The Kerberos system daemon will then grab the password to authenticate to a Kerberos account. Also moves the call to InitializePrimaryProfileServices to an earlier place. The KerberosCredentialsManager, which is created there, has to be created when the login password is still stored in the user context, so that UserSessionManager has a chance to send it to the session manager (see SaveLoginPassword). However, the call happened when the password was already cleared, see user_context_.ClearSecrets() in FinalizePrepareProfile. BUG=chromium:952240 TEST=Manually tested on device (enabled KerberosEnabled policy, set ${PASSWORD} as password for an account in KerberosAccounts, changed Gaia password to patch Kerberos password, logged in, verified in chrome:settings/kerberosAccounts that the ticket was valid. Change-Id: I3d82b293c3d236b03928cd5cd75edbea6c8999a1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1656570Reviewed-by:Colin Blundell <blundell@chromium.org> Reviewed-by:
Steven Bennetts <stevenjb@chromium.org> Reviewed-by:
Pavol Marko <pmarko@chromium.org> Reviewed-by:
Xiyuan Xia <xiyuan@chromium.org> Reviewed-by:
May Lippert <maybelle@chromium.org> Commit-Queue: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#671983}
9bb4fadf
