freeipa/daemons
Tomas Babej 5d78cdf809 ipa-pwd-extop: Deny LDAP binds for accounts with expired principals
Adds a check for krbprincipalexpiration attribute to pre_bind operation
in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth is
denied and LDAP_UNWILLING_TO_PERFORM along with the error message is
sent back to the client. Since krbprincipalexpiration attribute is not
mandatory, if there is no value set, the check is passed.

https://fedorahosted.org/freeipa/ticket/3305

Reviewed-By: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-05-05 18:50:01 +03:00
ipa-kdb            Avoid passing non-terminated string to is_master_host                2014-03-11 16:55:01 +01:00
ipa-otpd           Move ipa-otpd socket directory                                       2014-02-11 17:36:19 +01:00
ipa-sam            ipa-sam: cache gid to sid and uid to sid requests in idmap cache     2014-03-12 12:19:06 +01:00
ipa-slapi-plugins  ipa-pwd-extop: Deny LDAP binds for accounts with expired principals  2014-05-05 18:50:01 +03:00
configure.ac       Add OTP last token plugin                                            2014-02-21 10:26:02 +01:00
ipa-version.h.in   Fix typos                                                            2011-09-07 13:20:42 +02:00
Makefile.am        Add the krb5/FreeIPA RADIUS companion daemon                         2013-05-17 09:30:51 +02:00