[Freeipa-devel] [PATCH] 680 ldap lockout
Jan Zeleny
jzeleny at redhat.com
Mon Jan 17 19:41:46 UTC 2011
Rob Crittenden <rcritten at redhat.com> wrote:
> Update kerberos password policy values on LDAP binds. This is so
> locked-out accounts in kerberos don't try things using LDAP instead.
>
> On a failed bind this will update krbLoginFailedCount and
> krbLastFailedAuth and will potentially fail the bind altogether.
>
> On a successful bind it will zero krbLoginFailedCount and set
> krbLastSuccessfulAuth.
>
> This will also enforce locked-out accounts.
>
> See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on
> kerberos lockout.
>
> ticket 343
Ack, good job
Jan
More information about the Freeipa-devel
mailing list