diff options
author | Simo Sorce <simo@redhat.com> | 2015-04-04 10:53:52 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-05-27 09:45:56 -0400 |
commit | d5b6c8360116857623b4b67a42ed3788df2ba24a (patch) | |
tree | 2c3f7a30cc26d0f28a84c30304480804baf3546e /ipaserver/install/server.py | |
parent | 01fa05dd4ec7bd79abee8df0dd3642eabf138bcf (diff) | |
download | freeipa-d5b6c8360116857623b4b67a42ed3788df2ba24a.tar.gz freeipa-d5b6c8360116857623b4b67a42ed3788df2ba24a.tar.xz freeipa-d5b6c8360116857623b4b67a42ed3788df2ba24a.zip |
Detect default encsalts kadmin password change
When kadmin tries to change a password it will get the allowed keysalts
from the password policy. Failure to provide them will result in kadmin
using the defaults specified in the kdc.conf file or hardcoded defaults
(the default salt is then of type NORMAL).
This patch provides the supported values that have been read out of the
appropriate LDAP attribute when we read the server configuration.
Then at actual password change, check if kadmin is handing us back the exact
list of supported encsalts we sent it, and in that case replace it with the
real default encsalts.
Fixes https://fedorahosted.org/freeipa/ticket/4914
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/install/server.py')
0 files changed, 0 insertions, 0 deletions