mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-28 18:01:23 -06:00
d5b6c83601
When kadmin tries to change a password it will get the allowed keysalts from the password policy. Failure to provide them will result in kadmin using the defaults specified in the kdc.conf file or hardcoded defaults (the default salt is then of type NORMAL). This patch provides the supported values that have been read out of the appropriate LDAP attribute when we read the server configuration. Then at actual password change, check if kadmin is handing us back the exact list of supported encsalts we sent it, and in that case replace it with the real default encsalts. Fixes https://fedorahosted.org/freeipa/ticket/4914 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Martin Babinsky <mbabinsk@redhat.com> |
||
|---|---|---|
| .. | ||
| tests | ||
| ipa_kdb_audit_as.c | ||
| ipa_kdb_common.c | ||
| ipa_kdb_delegation.c | ||
| ipa_kdb_mkey.c | ||
| ipa_kdb_mspac.c | ||
| ipa_kdb_passwords.c | ||
| ipa_kdb_principals.c | ||
| ipa_kdb_pwdpolicy.c | ||
| ipa_kdb.c | ||
| ipa_kdb.exports | ||
| ipa_kdb.h | ||
| Makefile.am | ||
| README | ||
| README.s4u2proxy.txt | ||
This is the ipa krb5kdc database backend.