summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/dsinstance.py
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-01-18 14:58:58 -0500
committerRob Crittenden <rcritten@redhat.com>2011-01-21 13:59:24 -0500
commitcf9ec1c4271e1f2b35f9a4377550064bad0387c3 (patch)
tree5f586544af7a8ca1f701d182d1584374b864d27b /ipaserver/install/dsinstance.py
parent4361cd02422d8a6b30d67bb6869af9c67f7ec9c0 (diff)
downloadfreeipa-cf9ec1c4271e1f2b35f9a4377550064bad0387c3.zip
freeipa-cf9ec1c4271e1f2b35f9a4377550064bad0387c3.tar.gz
freeipa-cf9ec1c4271e1f2b35f9a4377550064bad0387c3.tar.xz
Update kerberos password policy values on LDAP binds.
On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth and will potentially fail the bind altogether. On a successful bind it will zero krbLoginFailedCount and set krbLastSuccessfulAuth. This will also enforce locked-out accounts. See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on kerberos lockout. ticket 343
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 378e012..9a121ea 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -204,6 +204,7 @@ class DsInstance(service.Service):
self.step("configuring uuid plugin", self.__config_uuid_module)
self.step("configuring modrdn plugin", self.__config_modrdn_module)
self.step("enabling entryUSN plugin", self.__enable_entryusn)
+ self.step("configuring lockout plugin", self.__config_lockout_module)
self.step("creating indices", self.__create_indices)
self.step("configuring ssl for ds instance", self.__enable_ssl)
self.step("configuring certmap.conf", self.__certmap_conf)
@@ -459,6 +460,9 @@ class DsInstance(service.Service):
self._ldap_mod("modrdn-conf.ldif")
self._ldap_mod("modrdn-krbprinc.ldif", self.sub_dict)
+ def __config_lockout_module(self):
+ self._ldap_mod("lockout-conf.ldif")
+
def __user_private_groups(self):
if not has_managed_entries(self.fqdn, self.dm_password):
raise errors.NotFound(reason='Missing Managed Entries Plugin')