On Fri, Feb 11, 2011 at 01:34:39PM -0500, Rob Crittenden wrote:
> Add a replace verb to ipa-ldap-updater so an existing value can be
> replaced, but only if the value matches the old value in the update.
> This would be used for us to replace default values that the
> end-user hasn't already updated. The first one of these would be for
> the kerberos password policy where our default values are on the low
> side. We don't want to interfere with anything already set.
> The update file would look like:
> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
> replace:krbPwdLockoutDuration: 10: 600
> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
> replace:krbPwdMaxFailure: 3: 6
> This patch would obsolete Jan's patch titled 'Updated default
> Kerberos password policy". Simo and I had discussed doing something
> like this in IRC and hadn't communicated our intentions to the rest
> of the team, sorry about that.
> rob


Freeipa-devel mailing list

Reply via email to