Jan Zelený wrote:
Jan Zeleny<jzel...@redhat.com>  wrote:
Rob Crittenden<rcrit...@redhat.com>  wrote:
Jan Zelený wrote:
https://fedorahosted.org/freeipa/ticket/930

I put there a value Dmitri suggested. Feel free to change it before
pushing if you think there should be the originally suggested 10 login
attempts.

We want to increase krbPwdLockoutDuration too, to 600.

rob

Sorry, I didn't realize it was in seconds. I just saw 10 and figured it's
ok it's already there. Anyway, I'm sending the updated patch.

Just a reminder that this patch needs to be re-reviewed.

Thanks
Jan

I think we need to fix this as an update file rather than changing the default install. It would look something like:

dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
replace:krbPwdLockoutDuration: 10: 600
replace: krbPwdMaxFailure: 3: 6

I'm ok with fixing it in both places.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to