[Freeipa-devel] [PATCH] 480 Do not store LastPwdChange unless it really changed
Simo Sorce
simo at redhat.com
Tue Feb 14 14:07:59 UTC 2012
Due to an idiosyncrasy of kadmin, the right flag to indicate
krbLastPwdChange is changed is not set. The previous check ended up
always saving the data in all cases because the data was always present.
Restrict it to store a password change when there is actually new key
material.
This prevents also audit operations to cause replications.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-simo-480-1-ipa-kdb-set-krblastpwdchange-only-when-keys-have-bee.patch
Type: text/x-patch
Size: 1500 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120214/e195530e/attachment.bin>
More information about the Freeipa-devel
mailing list