[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] krbpwdpolicypreference issues



On 12/20/2013 03:07 PM, Simo Sorce wrote:
On Fri, 2013-12-20 at 14:59 +0100, Petr Viktorin wrote:
On 12/20/2013 02:46 PM, Simo Sorce wrote:
On Fri, 2013-12-20 at 10:22 +0100, Petr Viktorin wrote:
On 12/19/2013 10:24 PM, Simo Sorce wrote:
I have been looking at how we deal with krbpwdpolicypreference as we
found issues with AD synced users, which get no password policy :/

I found out that we do not rely on CoS anymore for setting the attribute
(origin of this bug I would guess), but instead explicitly set the
policy on user objects.

Why is that ?

Also I still see in bootstrap-template.ldif that we create a Password
Policy object in cn=accounts in theory, but I do not have this object on
my server, what happens to it, what removes it ? Why ?

I don't see it in any update file. Was your server installed before this
was added (2009-10-02)?

Actually it is indeed possible, but then why there was no update file
with the change ?

Maybe Rob can tell us a reason. It was added in commit dac224c2.
Most likely it's a bug, please file a ticket.

Ok, anyway this part was not interesting, I am more interested in why we
explicitly add krbpwdpolicypreference to the user object and do not use
CoS for the default ?

I found some discussion at https://fedorahosted.org/freeipa/ticket/51. For further questions I guess you'll need to wait for Rob.

--
PetrĀ³


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]