freeipa.git - FreeIPA patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	do not log BINDs to non-existent users as errors	Martin Babinsky	2015-04-02	1	-2/+2
\| \| \| \| \| \|	https://fedorahosted.org/freeipa/ticket/4889 Reviewed-By: Petr Spacek <pspacek@redhat.com>
*	ipa-lockout: do not fail when default realm cannot be read	Martin Kosek	2014-02-04	1	-17/+17
\| \| \| \| \| \| \| \| \| \| \|	When ipa-lockout plugin is started during FreeIPA server installation, the default realm may not be available and plugin should then not end with failure. Similarly to other plugins, start in degraded mode in this situation. Operation is fully restored during the final services restart. https://fedorahosted.org/freeipa/ticket/4085
*	Fallback to global policy in ipa-lockout plugin	Martin Kosek	2014-02-03	1	-0/+34
\| \| \| \| \| \| \| \| \| \|	krbPwdPolicyReference is no longer filled default users. Instead, plugins fallback to hardcoded global policy reference. Fix ipa-lockout plugin to fallback to it instead of failing to apply the policy. https://fedorahosted.org/freeipa/ticket/4085
*	Re-order NULL check in ipa_lockout.	Rob Crittenden	2013-08-29	1	-2/+1
\| \| \| \| \| \| \| \|	There is no risk of crash here as slapi_valueset_first_value() can handle the case where the valueset is NULL, but there is no point in calling that if we know there are no values. https://fedorahosted.org/freeipa/ticket/3880
*	Remove unused variable	Lukas Slebodnik	2013-07-25	1	-2/+0
\| \| \| \|	Variable was set, but it was not used.
*	Remove unused variable	Lukas Slebodnik	2013-07-25	1	-1/+0
\|
*	Remove unused variable	Jakub Hrozek	2013-07-15	1	-4/+0
\|
*	Fix lockout of LDAP bind.	Rob Crittenden	2013-03-21	1	-91/+158
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	There were several problems: - A cut-n-paste error where the wrong value was being considered when an account was administratively unlocked. - An off-by-one error where LDAP got one extra bind attempt. - krbPwdPolicyReference wasn't being retrieved as a virtual attribute so only the global_policy was used. - The lockout duration wasn't examined in the context of too many failed logins so wasn't being applied properly. - Lockout duration wasn't used properly so a user was effectively unlocked when the failure interval expired. - krbLastFailedAuth and krbLoginFailedCount are no longer updated past max failures. https://fedorahosted.org/freeipa/ticket/3433
*	ipa-lockout: Wrong sizeof argument in ipa_lockout.c	Sumit Bose	2013-02-28	1	-1/+1
\| \| \| \|	Fixes https://fedorahosted.org/freeipa/ticket/3425
*	Honor the kdb options disabling KDC writes in ipa_lockout plugin	Rob Crittenden	2012-12-05	1	-1/+119
\| \| \| \| \| \| \| \| \| \| \| \| \|	Ther3 are two global ipaConfig options to disable undesirable writes that have performance impact. The "KDC:Disable Last Success" will disable writing back to ldap the last successful AS Request time (successful kinit) The "KDC:Disable Lockout" will disable completely writing back lockout related data. This means lockout policies will stop working. https://fedorahosted.org/freeipa/ticket/2734
*	Fix typos	Yuri Chornoivan	2011-09-07	1	-1/+1
\| \| \| \| \| \|	Fix "The the" and "classses" in FreeIPA code and messages. https://fedorahosted.org/freeipa/ticket/1480
*	Fix build warnings	Simo Sorce	2011-08-26	1	-10/+12
\| \| \| \|	Some are actual bugs.
*	Update kerberos password policy values on LDAP binds.	Rob Crittenden	2011-01-21	1	-0/+643
	On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth and will potentially fail the bind altogether. On a successful bind it will zero krbLoginFailedCount and set krbLastSuccessfulAuth. This will also enforce locked-out accounts. See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on kerberos lockout. ticket 343