Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add support for disabling KDC writes | Simo Sorce | 2012-06-06 | 1 | -0/+7 |
| | | | | | | | | | | | Add two global ipaConfig options to disable undesirable writes that have performance impact. The "KDC:Disable Last Success" will disable writing back to ldap the last successful AS Request time (successful kinit) The "KDC:Disable Lockout" will disable completely writing back lockout related data. This means lockout policies will stop working. https://fedorahosted.org/freeipa/ticket/2734 | ||||
* | Check for locked-out user before incrementing lastfail. | Rob Crittenden | 2012-05-18 | 1 | -4/+6 |
| | | | | | | | | | | | | | | | | | | | | | | If a user become locked due to too many failed logins and then were unlocked by an administrator, the account would not lock again. This was caused by two things: - We were incrementing the fail counter before checking to see if the account was already locked out. - The current fail count wasn't taken into consideration when deciding if the account is locked. The sequence was this: 1. Unlocked account, set failcount to 0 2. Failed login, increment failcount 3. Within lastfailed + lockout_duration, still locked. This skips update the last_failed date. So I reversed 2 and 3 and check to see if the fail count exceeds policy. https://fedorahosted.org/freeipa/ticket/2765 | ||||
* | ipa-kdb: add AS auditing support | Simo Sorce | 2012-02-14 | 1 | -0/+120 |
Fixes: https://fedorahosted.org/freeipa/ticket/2334 |