IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
5b12367ca85153441c7d0466545bbdbd00a86927
freeipa/daemons
History
Tomas Babej 5d78cdf809 ipa-pwd-extop: Deny LDAP binds for accounts with expired principals 
Adds a check for krbprincipalexpiration attribute to pre_bind operation
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth is
denied and LDAP_UNWILLING_TO_PERFORM along with the error message is
sent back to the client. Since krbprincipalexpiration attribute is not
mandatory, if there is no value set, the check is passed.

https://fedorahosted.org/freeipa/ticket/3305

Reviewed-By: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-05-05 18:50:01 +03:00
..
ipa-kdb
Avoid passing non-terminated string to is_master_host
2014-03-11 16:55:01 +01:00
ipa-otpd
Move ipa-otpd socket directory
2014-02-11 17:36:19 +01:00
ipa-sam
ipa-sam: cache gid to sid and uid to sid requests in idmap cache
2014-03-12 12:19:06 +01:00
ipa-slapi-plugins
ipa-pwd-extop: Deny LDAP binds for accounts with expired principals
2014-05-05 18:50:01 +03:00
configure.ac
Add OTP last token plugin
2014-02-21 10:26:02 +01:00
ipa-version.h.in
Fix typos
2011-09-07 13:20:42 +02:00
Makefile.am
Add the krb5/FreeIPA RADIUS companion daemon
2013-05-17 09:30:51 +02:00