- Does not require dirsrv access to stash file
- Finalize password history support
- Fix strict password length default in pwd_extop (fix install sctript too)
- fix plugin configuration
- Introduce 3 kind of password change: normal, admin, and ds manager
- normal require adherence to policies
- admin does not but password is immediately expired
- ds manager can just change the password any way he likes.
Initial code to read the Kerberos Master Key from the Directory
This patch uses the kerberos schema policy, this is the same policy used by
kadmin.
While this patch allows for krbPwdPolicy objects anywhere the kldap module
will make the kdc fail to provide tickets if the "krbPwdPolicyReference"
points to any object that is not a child of cn=<REALM>,cn=kerberos,dc=....
To let us set policies anywhere in the tree I enabled the code to actually
look at parent entries and the user entry itself and specify policies directly
on these objects by adding the krbPwdPolicy objectclass to them (I know its
structural but DS seem to allow multiple Structural classes on the same
entry).
The only side effect is that kadmin will not understand this, but we don't
want to use kadmin anyway as it does not understand way too many things about the
directory.
I've tested a few scenarios and all seem working as expected, but further
testing is welcome of course.
> > This largish patch makes the build and installation work on 64bit
> > machines. The only catch here is that to get a 64bit build you need to
> > set LIBDIR on make:
> >
> > make install LIBDIR=/usr/lib64
> >
> > The spec file does this correctly. I couldn't find any reliable way to
> > guess this that works both on real systems and in the almost entirely
> > empty rpm build root (you can't, for example, check for the existence
> > of /usr/lib64).
Set password for admin user using the Directory Mangaer account
and the mozldapldappaswd binary to get and SSL connection
Fix some timeout problems with deploying keytabs
Fix ipa_pwd_extop to actuallt correctly detect an SSL connection
Do not ask for the user to use for the directory unless 'dirsrv' is
an existing user which may clash, create it silently
Remove all dependencies on mhash
Remove code optimizatrion from Makefiles, right now these are
developers targeted builds, so it is better to have debugging
symbols around
