From cf9ec1c4271e1f2b35f9a4377550064bad0387c3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 18 Jan 2011 14:58:58 -0500
Subject: Update kerberos password policy values on LDAP binds. On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth and will potentially fail the bind altogether. On a successful bind it will zero krbLoginFailedCount and set krbLastSuccessfulAuth. This will also enforce locked-out accounts. See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on kerberos lockout. ticket 343
---
 ipaserver/install/dsinstance.py | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'ipaserver/install')
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 378e01234..9a121ea62 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -204,6 +204,7 @@ class DsInstance(service.Service):
 self.step("configuring uuid plugin", self.__config_uuid_module)
 self.step("configuring modrdn plugin", self.__config_modrdn_module)
 self.step("enabling entryUSN plugin", self.__enable_entryusn)
+ self.step("configuring lockout plugin", self.__config_lockout_module)
 self.step("creating indices", self.__create_indices)
 self.step("configuring ssl for ds instance", self.__enable_ssl)
 self.step("configuring certmap.conf", self.__certmap_conf)
@@ -459,6 +460,9 @@ class DsInstance(service.Service):
 self._ldap_mod("modrdn-conf.ldif")
 self._ldap_mod("modrdn-krbprinc.ldif", self.sub_dict)
 
+ def __config_lockout_module(self):
+ self._ldap_mod("lockout-conf.ldif")
+
 def __user_private_groups(self):
 if not has_managed_entries(self.fqdn, self.dm_password):
 raise errors.NotFound(reason='Missing Managed Entries Plugin')
-- cgit
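Review bot: The `self.step("configuring lockout plugin", ...)` registration is added only to this install-time step list, so a server installed before this commit would presumably never have lockout-conf.ldif applied and would keep accepting LDAP binds for locked-out accounts. Nothing in this view shows an upgrade or update path that loads the same LDIF, so that should be confirmed or added alongside this change. If other step lists in this class configure the directory server (for example for replicas), they need the same step. The enclosing method starts and ends outside the hunk, so this is inferred from the visible lines only.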
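Review bot: `__config_lockout_module` has no docstring, and nothing here shows whether `_ldap_mod` raises or only logs when the LDIF cannot be applied. Because this plugin is what enforces lockout on binds, a silent failure would leave the install looking complete while failed-bind counting and lockout are not active. I would add `"""Load lockout-conf.ldif to enable the plugin that updates krbLoginFailedCount/krbLastFailedAuth on binds and rejects locked-out accounts."""` and confirm that a failed modification aborts the step. The LDIF itself is outside this view (the diff is limited to ipaserver/install), so its content and its need for `self.sub_dict` substitutions cannot be checked here.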