From 3e45c9be0aefb03751665a951f426ac59c50a551 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 24 Nov 2015 15:39:08 -0500 Subject: Allow admins to disable preauth for SPNs. Some legacy softare is not able to properly cope with preauthentication, allow the admins to disable the requirement to use preauthentication for all Service Principal Names if they so desire. IPA Users are excluded, for users, which use password of lessere entrpy, preauthentication is always required by default. This setting does NOT override explicit policies set on service principals or in the global policy, it only affects the default. Signed-off-by: Simo Sorce Ticket: https://fedorahosted.org/freeipa/ticket/3860 Reviewed-By: Martin Babinsky --- API.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'API.txt') diff --git a/API.txt b/API.txt index e2976e0e2..5b75413f9 100644 --- a/API.txt +++ b/API.txt @@ -766,7 +766,7 @@ args: 0,25,3 option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Str('delattr*', cli_name='delattr', exclude='webui') -option: StrEnum('ipaconfigstring', attribute=True, autofill=False, cli_name='ipaconfigstring', csv=True, multivalue=True, required=False, values=(u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout')) +option: StrEnum('ipaconfigstring', attribute=True, autofill=False, cli_name='ipaconfigstring', csv=True, multivalue=True, required=False, values=(u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout', u'KDC:Disable Default Preauth for SPNs')) option: Str('ipadefaultemaildomain', attribute=True, autofill=False, cli_name='emaildomain', multivalue=False, required=False) option: Str('ipadefaultloginshell', attribute=True, autofill=False, cli_name='defaultshell', multivalue=False, required=False) option: Str('ipadefaultprimarygroup', attribute=True, autofill=False, cli_name='defaultgroup', multivalue=False, required=False) -- cgit