diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-01-18 14:58:58 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-21 13:59:24 -0500 |
commit | cf9ec1c4271e1f2b35f9a4377550064bad0387c3 (patch) | |
tree | 5f586544af7a8ca1f701d182d1584374b864d27b /ipaserver/install | |
parent | 4361cd02422d8a6b30d67bb6869af9c67f7ec9c0 (diff) | |
download | freeipa-cf9ec1c4271e1f2b35f9a4377550064bad0387c3.tar.gz freeipa-cf9ec1c4271e1f2b35f9a4377550064bad0387c3.tar.xz freeipa-cf9ec1c4271e1f2b35f9a4377550064bad0387c3.zip |
Update kerberos password policy values on LDAP binds.
On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth
and will potentially fail the bind altogether.
On a successful bind it will zero krbLoginFailedCount and set
krbLastSuccessfulAuth.
This will also enforce locked-out accounts.
See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on
kerberos lockout.
ticket 343
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/dsinstance.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 378e01234..9a121ea62 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -204,6 +204,7 @@ class DsInstance(service.Service): self.step("configuring uuid plugin", self.__config_uuid_module) self.step("configuring modrdn plugin", self.__config_modrdn_module) self.step("enabling entryUSN plugin", self.__enable_entryusn) + self.step("configuring lockout plugin", self.__config_lockout_module) self.step("creating indices", self.__create_indices) self.step("configuring ssl for ds instance", self.__enable_ssl) self.step("configuring certmap.conf", self.__certmap_conf) @@ -459,6 +460,9 @@ class DsInstance(service.Service): self._ldap_mod("modrdn-conf.ldif") self._ldap_mod("modrdn-krbprinc.ldif", self.sub_dict) + def __config_lockout_module(self): + self._ldap_mod("lockout-conf.ldif") + def __user_private_groups(self): if not has_managed_entries(self.fqdn, self.dm_password): raise errors.NotFound(reason='Missing Managed Entries Plugin') |