author | Nathaniel McCallum <npmccallum@redhat.com> | 2013-12-16 16:19:08 -0500 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-02-21 10:26:02 +0100 |
commit | 49038cda9fcddf75e04d1e36df3707432b96fb6d (patch) | |
tree | a7c38748dbfea8dd311e88aff805a266d7fcef64 /ipaserver | |
parent | abb63ed9d1027b967b4ac4473433e4eb5a3ff0b9 (diff) | |
Add OTP last token plugin
This plugin prevents the deletion or deactivation of the last
valid token for a user. This prevents the user from migrating
back to single factor authentication once OTP has been enabled.
Thanks to Mark Reynolds for helping me with this patch.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dsinstance.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index de804059c..8fa900f8d 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -270,6 +270,7 @@ class DsInstance(service.Service):
 self.step("configuring DNS plugin", self.__config_dns_module)
 self.step("enabling entryUSN plugin", self.__enable_entryusn)
 self.step("configuring lockout plugin", self.__config_lockout_module)
+ self.step("configuring OTP last token plugin", self.__config_otp_lasttoken_module)
 self.step("creating indices", self.__create_indices)
 self.step("enabling referential integrity plugin", self.__add_referint_module)
 if enable_ssl:
@@ -571,6 +572,9 @@ class DsInstance(service.Service):
 def __config_lockout_module(self):
 self._ldap_mod("lockout-conf.ldif")
+ def __config_otp_lasttoken_module(self):
+ self._ldap_mod("otp-lasttoken-conf.ldif")
+
 def __repoint_managed_entries(self):
 self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict) |
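Review bot: The new `__config_otp_lasttoken_module` in the second hunk applies `otp-lasttoken-conf.ldif` without any check that the plugin entry actually landed in the directory, and whether `_ldap_mod` raises on failure is not visible here. This plugin is what stops a user from dropping back to single-factor authentication, so a step that fails quietly would leave that guard off with at most a log line to show for it. I would confirm that `_ldap_mod` aborts the install on error, and add a docstring such as `"""Load the OTP last-token plugin config; it blocks deletion or deactivation of a user's last valid token."""`. The step added in the first hunk runs only in this install-time sequence, so servers installed before this commit presumably need the same LDIF through an upgrade path, which this view (limited to `ipaserver`) does not show. The method enclosing the first hunk starts and ends outside it.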