[Freeipa-users] Unable to start the krb5kdc
Simo Sorce
ssorce at redhat.com
Fri Jan 28 22:43:43 UTC 2011
On Fri, 28 Jan 2011 17:39:14 -0500
James Roman <james.roman at ssaihq.com> wrote:
> On 01/28/2011 10:39 AM, Simo Sorce wrote:
> >
> > Rirst of all.
> > I am glad this was resolved, it looked puzzling indeed.
> >
> > I just want to note that we do not support using the DS password
> > policy in ipa as we already have the kerberos pw policy, that's why
> > the uid=kdc was not "protected" against it.
> >
> > In v2 we perfected the pw policies check so that the kerberos
> > policies covers also binds done against DS directly.
> Just to clarify, in v2 Kerberos password policies also cover ldap
> binds?
Yes with have a bind pre/post op plugin that enforces the same
account/password policies for ldap binds too.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list