IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-01 11:47:11 -06:00
Code Issues Packages Projects Releases Wiki Activity
6,295 Commits 11 Branches 59 Tags 60 MiB
091e8fac34
Commit Graph

3 Commits

Author SHA1 Message Date
Sumit Bose
091e8fac34 Use the right attribute with ipapwd_entry_checks for MagicRegen 
There is a special mode to set the ipaNTHash attribute if a RC4 Kerberos
key is available for the corresponding user. This is typically triggered
by samba via the ipa_sam passdb plugin. The principal used by samba to
connect to the IPA directory server has the right to modify ipaNTHash
but no other password attribute. This means that the current check on
the userPassword attribute is too strict for this case and leads to a
failure of the whole operation.

With this patch the access right on ipaNTHash are checked if no other
password operations are requested.
 2013-10-08 09:18:57 +02:00
Nathaniel McCallum
5b58348cd3 Add OTP support to ipa-pwd-extop 
During LDAP bind, this now plugin determines if a user is enabled
for OTP authentication. If so, then the OTP is validated in addition
to the password. This allows 2FA during user binds.

    https://fedorahosted.org/freeipa/ticket/3367
    http://freeipa.org/page/V3/OTP
 2013-05-17 09:30:51 +02:00
Nathaniel McCallum
1e1bab4edc Remove unnecessary prefixes from ipa-pwd-extop files 2013-05-17 09:30:51 +02:00