Reset the login failed count to 0 when an admin (e.g. not the user) resets the password. Otherwise a newly reset password could fail too.

ticket https://fedorahosted.org/freeipa/ticket/1441

rob
From 846ac49a4fffb53a1f8a544b0c695ae75e3cf98a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 6 Jul 2011 16:26:27 -0400
Subject: [PATCH] Reset failed login count to 0 when admin resets password.

https://fedorahosted.org/freeipa/ticket/1441
---
 .../ipa-pwd-extop/ipapwd_common.c                  |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 870d6cbf532d7fa3ae2385a1c7515729bf58e7de..fc9ccb05c9da78255b2ffbea6980a13b6103cebf 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -1211,6 +1211,12 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
         slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
                               "sambaPwdLastset", modtime);
     }
+    if (is_krb) {
+        if (data->changetype == IPA_CHANGETYPE_ADMIN) {
+            slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
+                                 "krbLoginFailedCount", "0");
+        }
+    }
     /* let DS encode the password itself, this allows also other plugins to
      * intercept it to perform operations like synchronization with Active
      * Directory domains through the replication plugin */
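Review bot: the two nested conditions in the added block can be written as one test, if (is_krb && data->changetype == IPA_CHANGETYPE_ADMIN), and the block carries no comment saying why only the admin change type clears krbLoginFailedCount. A one-line comment stating the reason given in the commit message (a freshly reset password should not be rejected because of earlier failures) would make the intent clear to the next reader. The continuation line holding "krbLoginFailedCount" is also indented one column short of the opening parenthesis, unlike the sambaPwdLastset call just above it.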
-- 
1.7.4
