Rob Crittenden <rcrit...@redhat.com> wrote:
> Jan Zelený wrote:
> > https://fedorahosted.org/freeipa/ticket/930
> > 
> > I put there a value Dmitri suggested. Feel free to change it before
> > pushing if you think there should be the originally suggested 10 login
> > attempts.
> 
> We want to increase krbPwdLockoutDuration too, to 600.
> 
> rob

Sorry, I didn't realize it was in seconds. I just saw 10 and figured it's ok 
it's already there. Anyway, I'm sending the updated patch.

Jan
From 9bfb44ca273268b782c7d52aafb05b32bbcabe54 Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzel...@redhat.com>
Date: Thu, 10 Feb 2011 08:02:27 -0500
Subject: [PATCH] Updated default Kerberos password policy

https://fedorahosted.org/freeipa/ticket/930
---
 install/share/default-pwpolicy.ldif |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/share/default-pwpolicy.ldif b/install/share/default-pwpolicy.ldif
index 9d3d8a755f38ee2db9ad0eb6df32dff3dea187db..1bb4a096efbdeba26b48d2e3a2935228da10bf23 100644
--- a/install/share/default-pwpolicy.ldif
+++ b/install/share/default-pwpolicy.ldif
@@ -8,7 +8,7 @@ krbPwdMinDiffChars: 0
 krbPwdMinLength: 8
 krbPwdHistoryLength: 0
 krbMaxPwdLife: 7776000
-krbPwdMaxFailure: 3
+krbPwdMaxFailure: 6
 krbPwdFailureCountInterval: 60
-krbPwdLockoutDuration: 10
+krbPwdLockoutDuration: 600
 
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to