<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 02/12/2013 05:50 PM, Tomas Babej
wrote:<br>
</div>
<blockquote cite="mid:511A72D9.6090506@redhat.com" type="cite">Hi,
<br>
<br>
This patch adds a check for krbprincipalexpiration attribute to
pre_bind operation
<br>
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth
is
<br>
denied and LDAP_INVALID_CREDENTIALS along with the error message
is
<br>
sent back to the client. Since krbprincipalexpiration attribute is
not
<br>
mandatory, if there is no value set, the check is passed.
<br>
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/3305">https://fedorahosted.org/freeipa/ticket/3305</a>
<br>
<br>
Tomas
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
<br>
I just self-reviewed the patch and noticed a memory leak. It's fixed
now.<br>
<br>
Updated patch attached.<br>
<br>
Tomas<br>
</body>
</html>