[Freeipa-devel] [freeipa PR#342][opened] password policy: Add explicit default password policy for hosts and services
dkupka
freeipa-github-notification at redhat.com
Wed Dec 14 16:36:18 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/342
Author: dkupka
Title: #342: password policy: Add explicit default password policy for hosts and services
Action: opened
PR body:
"""
Set explicitly krbPwdPolicyReference attribute to all hosts (entries in
cn=computers,cn=accounts), services (entries in cn=services,cn=accounts) and
Kerberos services (entries in cn=$REALM,cn=kerberos). This is done using DS's
CoS so no attributes are really added.
The default policies effectively disable any enforcement or lockout for hosts
and services. Since hosts and services use keytabs passwords enforcements
doesn't make much sense. Also the lockout policy could be used for easy and
cheap DoS.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/342/head:pr342
git checkout pr342
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-342.patch
Type: text/x-diff
Size: 7697 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20161214/579e3800/attachment.bin>
More information about the Freeipa-devel
mailing list