[4.4] password policy: Add explicit default password policy for hosts and services #344

Closed
wants to merge 2 commits into from

@ghost ghost commented Dec 14, 2016

No description provided.

David Kupka added 2 commits December 14, 2016 17:55
…ervices

Set explicitly krbPwdPolicyReference attribute to all hosts (entries in
cn=computers,cn=accounts), services (entries in cn=services,cn=accounts) and
Kerberos services (entries in cn=$REALM,cn=kerberos). This is done using DS's
CoS so no attributes are really added.

The default policies effectively disable any enforcement or lockout for hosts
and services. Since hosts and services use keytabs, password enforcement
doesn't make much sense. Also the lockout policy could be used for easy and
cheap DoS.

https://fedorahosted.org/freeipa/ticket/6561
…,show} --all

Result of {host,service}-{find,show} commands with option '--all' always contains
krbpwpolicyreference attributes.

https://fedorahosted.org/freeipa/ticket/6561
@ghost ghost requested a review from pvomacka December 14, 2016 16:57
@ghost ghost assigned pvomacka Dec 14, 2016
@MartinBasti MartinBasti changed the title password policy: Add explicit default password policy for hosts and services [4.4] password policy: Add explicit default password policy for hosts and services Dec 14, 2016
@pvomacka pvomacka added the ack Pull Request approved, can be merged label Dec 14, 2016
@ghost ghost added the pushed Pull Request has already been pushed label Dec 14, 2016
@ghost ghost closed this Dec 14, 2016
This pull request was closed.