[Freeipa-devel] [PATCH] 680 ldap lockout
Rob Crittenden
rcritten at redhat.com
Mon Jan 17 15:52:27 UTC 2011
Update kerberos password policy values on LDAP binds. This is so
locked-out accounts in kerberos don't try things using LDAP instead.
On a failed bind this will update krbLoginFailedCount and
krbLastFailedAuth and will potentially fail the bind altogether.
On a successful bind it will zero krbLoginFailedCount and set
krbLastSuccessfulAuth.
This will also enforce locked-out accounts.
See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on
kerberos lockout.
ticket 343
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-680-lockout.patch
Type: text/x-patch
Size: 25312 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110117/fb364764/attachment.bin>
More information about the Freeipa-devel
mailing list