Reset failed login count to 0 when admin resets password.

https://fedorahosted.org/freeipa/ticket/1441
author: Rob Crittenden <rcritten@redhat.com> 2011-07-06 16:26:27 -0400
committer: Martin Kosek <mkosek@redhat.com> 2011-07-13 10:46:22 +0200
commit: f534445e26ebfca38afe1c834ba088cbcbc24e37 (patch)
tree: 394fb052d163c5d5ad0cf400148bdc2c567eee9b
parent: b2c5b2b4b54349f878f17a9378261d58d41af052 (diff)
download: freeipa-f534445e26ebfca38afe1c834ba088cbcbc24e37.tar.gz
freeipa-f534445e26ebfca38afe1c834ba088cbcbc24e37.tar.xz
freeipa-f534445e26ebfca38afe1c834ba088cbcbc24e37.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 5ff214e50..25557aa94 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -1197,6 +1197,12 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
         slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
                               "sambaPwdLastset", modtime);
     }
+    if (is_krb) {
+        if (data->changetype == IPA_CHANGETYPE_ADMIN) {
+            slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
+                                 "krbLoginFailedCount", "0");
+        }
+    }
     /* let DS encode the password itself, this allows also other plugins to
      * intercept it to perform operations like synchronization with Active
      * Directory domains through the replication plugin */
author	Rob Crittenden <rcritten@redhat.com>	2011-07-06 16:26:27 -0400
committer	Martin Kosek <mkosek@redhat.com>	2011-07-13 10:46:22 +0200
commit	f534445e26ebfca38afe1c834ba088cbcbc24e37 (patch)
tree	394fb052d163c5d5ad0cf400148bdc2c567eee9b
parent	b2c5b2b4b54349f878f17a9378261d58d41af052 (diff)
download	freeipa-f534445e26ebfca38afe1c834ba088cbcbc24e37.tar.gz freeipa-f534445e26ebfca38afe1c834ba088cbcbc24e37.tar.xz freeipa-f534445e26ebfca38afe1c834ba088cbcbc24e37.zip