author | Rob Crittenden <rcritten@redhat.com> | 2013-02-15 11:51:59 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-03-21 15:44:53 -0400 |
commit | 797baef1a433d14694fcb234c24828c1ad4019dc (patch) | |
tree | 653d888b413dc8e968c02c9afb5a6e09fd6176f0 /daemons/ipa-slapi-plugins/ipa-dns | |
parent | 41031fe121d6ec8bc9a6bb48b62068a9af905dc3 (diff) | |

Fix lockout of LDAP bind.

There were several problems:

- A cut-n-paste error where the wrong value was being considered when
  an account was administratively unlocked.
- An off-by-one error where LDAP got one extra bind attempt.
- krbPwdPolicyReference wasn't being retrieved as a virtual attribute so
  only the global_policy was used.
- The lockout duration wasn't examined in the context of too many failed
  logins so wasn't being applied properly.
- Lockout duration wasn't used properly so a user was effectively unlocked
  when the failure interval expired.
- krbLastFailedAuth and krbLoginFailedCount are no longer updated past
  max failures.

https://fedorahosted.org/freeipa/ticket/3433

Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-dns')
0 files changed, 0 insertions, 0 deletions
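
The lockout rules the commit message lists, as an added C model that is not FreeIPA's plugin code and not taken from this commit: the limit is checked with no extra attempt, a lockout ends only through the lockout duration or an admin unlock, and the counters stop changing once the account is locked. The struct, field and function names are hypothetical, and the exact semantics (for example, zero meaning "disabled" or "until unlocked") are assumptions of this model.

```c
#include <stdbool.h>
#include <time.h>

/* Hypothetical model types; field names are illustrative, not FreeIPA's. */
struct policy {
    unsigned max_fail;          /* 0 = lockout disabled (assumption) */
    time_t   fail_interval;     /* window for counting failures, 0 = forever */
    time_t   lockout_duration;  /* 0 = locked until admin unlock (assumption) */
};

struct account {
    unsigned failed_count;      /* plays the role of krbLoginFailedCount */
    time_t   last_failed;       /* plays the role of krbLastFailedAuth */
    time_t   last_admin_unlock; /* 0 = never unlocked by an admin */
};

/* Decide, before the password is checked, whether the bind is refused. */
bool is_locked(const struct policy *p, const struct account *a, time_t now)
{
    if (p->max_fail == 0)
        return false;
    /* An admin unlock newer than the last failure clears the lockout. */
    if (a->last_admin_unlock != 0 && a->last_admin_unlock > a->last_failed)
        return false;
    /* Reaching the limit locks the account: no extra attempt is granted. */
    if (a->failed_count < p->max_fail)
        return false;
    /* Only the lockout duration ends a lockout, never the failure interval. */
    if (p->lockout_duration == 0)
        return true;
    return now < a->last_failed + p->lockout_duration;
}

/* Record a bad password; returns false when nothing is updated. */
bool record_failure(const struct policy *p, struct account *a, time_t now)
{
    if (is_locked(p, a, now))
        return false;           /* counters are frozen past max failures */
    bool window_expired = p->fail_interval != 0 &&
                          now > a->last_failed + p->fail_interval;
    bool admin_reset = a->last_admin_unlock > a->last_failed;
    bool lockout_over = p->max_fail != 0 && a->failed_count >= p->max_fail;
    if (window_expired || admin_reset || lockout_over)
        a->failed_count = 0;    /* start a fresh count */
    a->failed_count++;
    a->last_failed = now;
    return true;
}
```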