[Freeipa-devel] [PATCH 0034] Deny LDAP binds for user accounts with expired principal

Tomas Babej tbabej at redhat.com
Tue Feb 12 17:03:44 UTC 2013


On 02/12/2013 05:50 PM, Tomas Babej wrote:
> Hi,
>
> This patch adds a check for krbprincipalexpiration attribute to pre_bind
> operation in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth
> is denied and LDAP_INVALID_CREDENTIALS along with the error message is
> sent back to the client. Since krbprincipalexpiration attribute is not
> mandatory, if there is no value set, the check is passed.
>
> https://fedorahosted.org/freeipa/ticket/3305
>
> Tomas

I just self-reviewed the patch and noticed a memory leak. It's fixed now.

Updated patch attached.

Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0034-2-Deny-LDAP-binds-for-user-accounts-with-expired-princ.patch
Type: text/x-patch
Size: 4146 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130212/a858595d/attachment.bin>
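
The decision logic described in the message, as an added stand-alone example; it is not the attached patch and not FreeIPA code. All function names are hypothetical, and three points are assumptions the message does not state: the value is a UTC GeneralizedTime string of the form YYYYMMDDHHMMSSZ, a malformed value denies the bind, and an expiration equal to the current time counts as expired.

```c
#include <stdio.h>
#include <string.h>

#define BIND_OK                  0
#define BIND_INVALID_CREDENTIALS 49  /* LDAP_INVALID_CREDENTIALS (RFC 4511) */

/* Days since 1970-01-01 for a Gregorian date, so no timezone-dependent
 * libc call (mktime) is involved in a UTC comparison. */
static long long days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    long long era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Parse "YYYYMMDDHHMMSSZ" into seconds since the epoch. Returns 0 on success. */
static int parse_generalized_time(const char *s, long long *out)
{
    int Y, M, D, h, m, sec;
    if (s == NULL || strlen(s) != 15 || s[14] != 'Z')
        return -1;
    for (int i = 0; i < 14; i++)
        if (s[i] < '0' || s[i] > '9')
            return -1;
    if (sscanf(s, "%4d%2d%2d%2d%2d%2d", &Y, &M, &D, &h, &m, &sec) != 6)
        return -1;
    if (M < 1 || M > 12 || D < 1 || D > 31 || h > 23 || m > 59 || sec > 60)
        return -1;
    *out = days_from_civil(Y, M, D) * 86400LL + h * 3600 + m * 60 + sec;
    return 0;
}

/* expiration == NULL models an entry with no krbprincipalexpiration value.
 * now is the current time in seconds since the epoch (UTC). */
int check_principal_expiration(const char *expiration, long long now)
{
    long long exp_time;
    if (expiration == NULL)
        return BIND_OK;                   /* attribute is not mandatory */
    if (parse_generalized_time(expiration, &exp_time) != 0)
        return BIND_INVALID_CREDENTIALS;  /* assumption: fail closed */
    /* assumption: expiry at exactly "now" is treated as expired */
    return exp_time <= now ? BIND_INVALID_CREDENTIALS : BIND_OK;
}
```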

