[Freeipa-users] Unable to start the krb5kdc
James Roman
james.roman at ssaihq.com
Fri Jan 28 22:39:14 UTC 2011
On 01/28/2011 10:39 AM, Simo Sorce wrote:
>
> Rirst of all.
> I am glad this was resolved, it looked puzzling indeed.
>
> I just want to note that we do not support using the DS password policy
> in ipa as we already have the kerberos pw policy, that's why the uid=kdc
> was not "protected" against it.
>
> In v2 we perfected the pw policies check so that the kerberos policies
> covers also binds done against DS directly.
Just to clarify, in v2 Kerberos password policies also cover ldap binds?
> I also am adding a patch so that uid=kdc is protected in case DS policy
> is enabled nonetheless for whatever reason.
>
> Simo.
>
More information about the Freeipa-users
mailing list