[Freeipa-devel] krbpwdpolicypreference issues
Petr Viktorin
pviktori at redhat.com
Fri Dec 20 13:59:34 UTC 2013
On 12/20/2013 02:46 PM, Simo Sorce wrote:
> On Fri, 2013-12-20 at 10:22 +0100, Petr Viktorin wrote:
>> On 12/19/2013 10:24 PM, Simo Sorce wrote:
>>> I have been looking at how we deal with krbpwdpolicypreference as we
>>> found issues with AD synced users, which get no password policy :/
>>>
>>> I found out that we do not rely on CoS anymore for setting the attribute
>>> (origin of this bug I would guess), but instead explicitly set the
>>> policy on user objects.
>>>
>>> Why is that ?
>>>
>>> Also I still see in bootstrap-template.ldif that we create a Password
>>> Policy object in cn=accounts in theory, but I do not have this object on
>>> my server, what happens to it, what removes it ? Why ?
>>
>> I don't see it in any update file. Was your server installed before this
>> was added (2009-10-02)?
>
> Actually it is indeed possible, but then why there was no update file
> with the change ?
Maybe Rob can tell us a reason. It was added in commit dac224c2.
Most likely it's a bug, please file a ticket.
--
Petr³
More information about the Freeipa-devel
mailing list