The pwpolicy plugin was basically hardcoded to version 1.8 instead of
checking for >= 1.8
This patch uses distutils.version to fix that.
Simo.
>From 1c5882957d8ecdb03d28ad891163069532f320cd Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 15 Nov 2010 17:05:55 -0500
Subject: [PATCH 1/2] Use distutil.version to check for min version
---
ipalib/plugins/pwpolicy.py | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 53989def3184ce942e6b9f1832307e0b66d1c449..7a83216f35d23fb1470ffa051a8e998886e86aa7 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -64,6 +64,7 @@ from ipalib import Int, Str
from ipalib.plugins.baseldap import *
from ipalib import _
from ipapython.ipautil import run
+from distutils import version
class cosentry(LDAPObject):
"""
@@ -171,12 +172,17 @@ class pwpolicy(LDAPObject):
'krbpwdmaxfailure', 'krbpwdfailurecountinterval',
'krbpwdlockoutduration',
]
+ MIN_KRB5KDC_WITH_LOCKOUT = "1.8"
has_lockout = False
lockout_params = ()
+
(stdout, stderr, rc) = run(['klist', '-V'], raiseonerr=False)
if rc == 0:
- if stdout.find('version 1.8') > -1:
- has_lockout = True
+ verstr = stdout.split()[-1]
+ ver = version.LooseVersion(verstr)
+ min = version.LooseVersion(MIN_KRB5KDC_WITH_LOCKOUT)
+ if ver >= min:
+ has_lockout = True
if has_lockout:
lockout_params = (
--
1.7.3.2
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
