Commit Graph

8 Commits

Author SHA1 Message Date
Simo Sorce
d5b6c83601 Detect default encsalts kadmin password change
When kadmin tries to change a password it will get the allowed keysalts
from the password policy. Failure to provide them will result in kadmin
using the defaults specified in the kdc.conf file or hardcoded defaults
(the default salt is then of type NORMAL).

This patch provides the supported values that have been read out of the
appropriate LDAP attribute when we read the server configuration.

Then at actual password change, check if kadmin is handing us back the exact
list of supported encsalts we sent it, and in that case replace it with the
real default encsalts.

Fixes https://fedorahosted.org/freeipa/ticket/4914

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Martin Babinsky <mbabinsk@redhat.com>
2015-05-27 09:45:56 -04:00
Rob Crittenden
56fa06fec4 Fix failure count interval attribute name in query for password policy.
This was causing the failure count interval to not be applied so
the failure count was never reset to 0.

https://fedorahosted.org/freeipa/ticket/2540
2012-03-29 00:52:25 -04:00
Simo Sorce
735618a1c6 Fix memleak and silence Coverity defects
Some of these are not real defects, because we are guaranteed to have valid
context in some functions, and checks are not necessary.
I added the checks anyway in order to silence Coverity on these issues.

One meleak on error condition was fixed in
daemons/ipa-kdb/ipa_kdb_pwdpolicy.c

Silence errors in ipa-client/ipa-getkeytab.c, the code looks wrong, but it is
actually fine as we count before hand so we never actually use the wrong value
that is computed on the last pass when p == 0

Fixes: https://fedorahosted.org/freeipa/ticket/2488
2012-03-22 17:33:13 +01:00
Simo Sorce
9942a29cab policy: add function to check lockout policy
Fixes: https://fedorahosted.org/freeipa/ticket/2393
2012-02-19 20:43:45 -05:00
Simo Sorce
651f932473 ipa-kdb: add AS auditing support
Fixes: https://fedorahosted.org/freeipa/ticket/2334
2012-02-14 18:03:45 -05:00
Simo Sorce
9701821227 Fix CID 11027: Wrong sizeof argument
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
ad8c53d584 Fix CID 11026: Resource leak
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
49c25dbdf5 ipa-kdb: implement function to retrieve password policies 2011-08-26 08:24:49 -04:00