On Fri, Feb 11, 2011 at 01:34:39PM -0500, Rob Crittenden wrote:
> Add a replace verb to ipa-ldap-updater so an existing value can be
> replaced, but only if the value matches the old value in the update.
> 
> This would be used for us to replace default values that the
> end-user hasn't already updated. The first one of these would be for
> the kerberos password policy where our default values are on the low
> side. We don't want to interfere with anything already set.
> 
> The update file would look like:
> 
> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
> replace:krbPwdLockoutDuration: 10: 600
> 
> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
> replace:krbPwdMaxFailure: 3: 6
> 
> This patch would obsolete Jan's patch titled 'Updated default
> Kerberos password policy". Simo and I had discussed doing something
> like this in IRC and hadn't communicated our intentions to the rest
> of the team, sorry about that.
> 
> rob

Ack

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to