summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
authorJan Zeleny <jzeleny@redhat.com>2011-02-10 08:02:27 -0500
committerRob Crittenden <rcritten@redhat.com>2011-02-16 22:28:08 -0500
commit3f40f1492cd39574c80af1a01e3771bd86c7027d (patch)
tree3187d3bfbbb02e4a498b6e4d1a54c49493ec72e4 /install
parent86fe47b87df4e503e9d1d4c6cf6be62b5cbab685 (diff)
downloadfreeipa-3f40f1492cd39574c80af1a01e3771bd86c7027d.tar.gz
freeipa-3f40f1492cd39574c80af1a01e3771bd86c7027d.tar.xz
freeipa-3f40f1492cd39574c80af1a01e3771bd86c7027d.zip
Updated default Kerberos password policy
https://fedorahosted.org/freeipa/ticket/930
Diffstat (limited to 'install')
-rw-r--r--install/share/default-pwpolicy.ldif4
-rw-r--r--install/updates/50-lockout-policy.update4
-rw-r--r--install/updates/Makefile.am1
3 files changed, 7 insertions, 2 deletions
diff --git a/install/share/default-pwpolicy.ldif b/install/share/default-pwpolicy.ldif
index 9d3d8a755..1bb4a096e 100644
--- a/install/share/default-pwpolicy.ldif
+++ b/install/share/default-pwpolicy.ldif
@@ -8,7 +8,7 @@ krbPwdMinDiffChars: 0
krbPwdMinLength: 8
krbPwdHistoryLength: 0
krbMaxPwdLife: 7776000
-krbPwdMaxFailure: 3
+krbPwdMaxFailure: 6
krbPwdFailureCountInterval: 60
-krbPwdLockoutDuration: 10
+krbPwdLockoutDuration: 600
diff --git a/install/updates/50-lockout-policy.update b/install/updates/50-lockout-policy.update
new file mode 100644
index 000000000..302ab81c9
--- /dev/null
+++ b/install/updates/50-lockout-policy.update
@@ -0,0 +1,4 @@
+dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
+replace:krbPwdLockoutDuration:10:600
+replace: krbPwdMaxFailure:3:6
+
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index b474cd1c5..26318e144 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -10,6 +10,7 @@ app_DATA = \
20-replication.update \
20-winsync_index.update \
40-delegation.update \
+ 50-lockout-policy.update \
$(NULL)
EXTRA_DIST = \