Commit Graph

6 Commits

Author SHA1 Message Date
Sumit Bose
d876a22732 Remove generation and handling of LM hashes
https://fedorahosted.org/freeipa/ticket/3795
2013-11-01 09:28:35 +01:00
Tomas Babej
0e8a329048 Prevent integer overflow when setting krbPasswordExpiration
Since in Kerberos V5 are used 32-bit unix timestamps, setting
maxlife in pwpolicy to values such as 9999 days would cause
integer overflow in krbPasswordExpiration attribute.

This would result into unpredictable behaviour such as users
not being able to log in after password expiration if password
policy was changed (#3114) or new users not being able to log
in at all (#3312).

The timestamp value is truncated to Jan 1, 2038 in ipa-kdc driver.

https://fedorahosted.org/freeipa/ticket/3312
https://fedorahosted.org/freeipa/ticket/3114
2013-02-08 15:54:21 +01:00
Sumit Bose
973aad9db3 Make encode_ntlm_keys() public 2012-09-06 09:24:58 +02:00
Simo Sorce
651f932473 ipa-kdb: add AS auditing support
Fixes: https://fedorahosted.org/freeipa/ticket/2334
2012-02-14 18:03:45 -05:00
Martin Kosek
f2cc9c8d33 Improve password change error message
User always receives the same error message if he changes his password
via "ipa passwd" command and the new password fails configured
password policy. He then has to investigate on his own the actual
reason why was the policy violated. This patch improves our SLAPI PWD
plugins to provide a better error message explaining the violation
reason.

https://fedorahosted.org/freeipa/ticket/2067
2012-02-03 17:21:33 +01:00
Simo Sorce
a1637d47c0 util: add password policy manipulation functions 2011-08-26 08:24:49 -04:00